Edit tour

Windows Analysis Report
1x6jzcZeRu.exe

Overview

General Information

Sample name:	1x6jzcZeRu.exe renamed because original name is a hash value
Original sample name:	7266644b3b822760ed8fe66104251bec8ba51f8f01581d40e1e807ca82dd09d8.exe
Analysis ID:	1483408
MD5:	92ffd5a24bf3942ffa7ac182e4e0c171
SHA1:	7c69105624bb5c58643288bb8d419abfd3cd6e1e
SHA256:	7266644b3b822760ed8fe66104251bec8ba51f8f01581d40e1e807ca82dd09d8
Tags:	156-255-2-100exe
Infos:

Detection

CobaltStrike

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected CobaltStrike

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)

Potentially malicious time measurement code found

Contains functionality for execution timing, often used to detect debuggers

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains sections with non-standard names

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

1x6jzcZeRu.exe (PID: 6868 cmdline: "C:\Users\user\Desktop\1x6jzcZeRu.exe" MD5: 92FFD5A24BF3942FFA7AC182E4E0C171)

conhost.exe (PID: 6896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Cobalt Strike, CobaltStrike	Cobalt Strike is a paid penetration testing product that allows an attacker to deploy an agent named 'Beacon' on the victim machine. Beacon includes a wealth of functionality to the attacker, including, but not limited to command execution, key logging, file transfer, SOCKS proxying, privilege escalation, mimikatz, port scanning and lateral movement. Beacon is in-memory/file-less, in that it consists of stageless or multi-stage shellcode that once loaded by exploiting a vulnerability or executing a shellcode loader, will reflectively load itself into the memory of a process without touching the disk. It supports C2 and staging over HTTP, HTTPS, DNS, SMB named pipes as well as forward and reverse TCP; Beacons can be daisy-chained. Cobalt Strike comes with a toolkit for developing shellcode loaders, called Artifact Kit.The Beacon implant has become popular amongst targeted attackers and criminal users as it is well written, stable, and highly customizable.	APT 29 APT32 APT41 AQUATIC PANDA Anunak Cobalt Codoso CopyKittens DarkHydrus FIN6 FIN7 Leviathan Mustang Panda Shell Crew Stone Panda TianWu UNC1878 UNC2452 Winnti Umbrella	http://blog.morphisec.com/new-global-attack-on-point-of-sale-systems http://blog.nsfocus.net/murenshark http://stillu.cc/assets/slides/2023-08-Unmasking%20CamoFei.pdf http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa http://www.secureworks.com/research/threat-profiles/gold-drake	https://malpedia.caad.fkie.fraunhofer.de/details/win.cobalt_strike

Malware Configuration

Threatname: CobaltStrike

{"BeaconType": ["HTTPS"], "Port": 18896, "SleepTime": 45000, "MaxGetSize": 1403644, "Jitter": 37, "C2Server": "156.255.2.100,/jquery-3.3.1.min.js", "HttpPostUri": "/jquery-3.3.2.min.js", "Malleable_C2_Instructions": ["Remove 1522 bytes from the end", "Remove 84 bytes from the beginning", "Remove 3931 bytes from the beginning", "Base64 URL-safe decode", "XOR mask w/ random key"], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe", "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 987654321, "bStageCleanup": "True", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 17500, "ProcInject_PrependAppend_x86": ["kJA=", "Empty"], "ProcInject_PrependAppend_x64": ["kJA=", "Empty"], "ProcInject_Execute": ["ntdll:RtlUserThreadStart", "CreateThread", "NtQueueApcThread-s", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "NtMapViewOfSection", "bUsesCookies": "True", "HostHeader": ""}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.2888204760.000000C000180000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_2	Yara detected CobaltStrike	Joe Security
00000000.00000002.2888204760.000000C000180000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_4	Yara detected CobaltStrike	Joe Security
00000000.00000002.2888204760.000000C000180000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
00000000.00000002.2888204760.000000C000180000.00000004.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x18983:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75 0x19cb4:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
00000000.00000003.1642564620.0000014673FE0000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_2	Yara detected CobaltStrike	Joe Security
00000000.00000003.1642564620.0000014673FE0000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_4	Yara detected CobaltStrike	Joe Security
00000000.00000003.1642564620.0000014673FE0000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
00000000.00000003.1642564620.0000014673FE0000.00000020.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_f0b627fc	Rule for beacon reflective loader	unknown	0x18973:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75 0x19ca4:$beacon_loader_x64: 25 FF FF FF 00 3D 41 41 41 00 75 1A 8B 44 24 78 25 FF FF FF 00 3D 42 42 42 00 75
00000000.00000002.2889323471.0000014674DC0000.00000020.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
00000000.00000002.2889323471.0000014674DC0000.00000020.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_b54b94ac	Rule for beacon sleep obfuscation routine	unknown	0x137:$a_x64: 4C 8B 53 08 45 8B 0A 45 8B 5A 04 4D 8D 52 08 45 85 C9 75 05 45 85 DB 74 33 45 3B CB 73 E6 49 8B F9 4C 8B 03
00000000.00000002.2888862525.0000014674061000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp	Windows_Trojan_CobaltStrike_663fc95d	Identifies CobaltStrike via unidentified function code	unknown	0x1c93c:$a: 48 89 5C 24 08 57 48 83 EC 20 48 8B 59 10 48 8B F9 48 8B 49 08 FF 17 33 D2 41 B8 00 80 00 00
Process Memory Space: 1x6jzcZeRu.exe PID: 6868	JoeSecurity_CobaltStrike_3	Yara detected CobaltStrike	Joe Security
Click to see the 8 entries

Suricata Signatures

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 13.85.23.86 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T11:19:15.402248+0200
SID:	2022930
Source Port:	443
Destination Port:	49741
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow - Source IP: 52.165.165.26 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T11:19:56.111075+0200
SID:	2022930
Source Port:	443
Destination Port:	54130
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC) - Source IP: 156.255.2.100 - Destination IP: 192.168.2.4

Timestamp:	2024-07-27T11:18:57.161297+0200
SID:	2841527
Source Port:	18896
Destination Port:	49730
Protocol:	TCP
Classtype:	Domain Observed Used for C2 Detected

ET JA3 Hash - [Abuse.ch] Possible Dridex - Source IP: 192.168.2.4 - Destination IP: 156.255.2.100

Timestamp:	2024-07-27T11:18:55.720979+0200
SID:	2028765
Source Port:	49730
Destination Port:	18896
Protocol:	TCP
Classtype:	Unknown Traffic

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 00000000.00000002.2888204760.000000C000180000.00000004.00001000.00020000.00000000.sdmp

Malware Configuration Extractor: CobaltStrike {"BeaconType": ["HTTPS"], "Port": 18896, "SleepTime": 45000, "MaxGetSize": 1403644, "Jitter": 37, "C2Server": "156.255.2.100,/jquery-3.3.1.min.js", "HttpPostUri": "/jquery-3.3.2.min.js", "Malleable_C2_Instructions": ["Remove 1522 bytes from the end", "Remove 84 bytes from the beginning", "Remove 3931 bytes from the beginning", "Base64 URL-safe decode", "XOR mask w/ random key"], "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe", "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 987654321, "bStageCleanup": "True", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 17500, "ProcInject_PrependAppend_x86": ["kJA=", "Empty"], "ProcInject_PrependAppend_x64": ["kJA=", "Empty"], "ProcInject_Execute": ["ntdll:RtlUserThreadStart", "CreateThread", "NtQueueApcThread-s", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "NtMapViewOfSection", "bUsesCookies": "True", "HostHeader": ""}

Multi AV Scanner detection for domain / URL

Source: https://156.255.2.100:18896/

Virustotal: Detection: 5%

Perma Link

Multi AV Scanner detection for submitted file

Source: 1x6jzcZeRu.exe	ReversingLabs: Detection: 47%
Source: 1x6jzcZeRu.exe	Virustotal: Detection: 60%			Perma Link

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Bitcoin Miner

Contains functionality to registers a callback to get notified when the system is suspended or resumed (often done by Miners)

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe

Code function: 0_2_000920A0 LoadLibraryExW,

0_2_000920A0

Source: 1x6jzcZeRu.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 4x nop then cmp rdx, rbx	0_2_0006B320
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 4x nop then cmp rdx, 40h	0_2_0007F360
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 4x nop then shr r10, 0Dh	0_2_0008A580
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 4x nop then shr r10, 0Dh	0_2_0008BA00
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 4x nop then lock or byte ptr [rdx], dil	0_2_0007FAA0

Networking

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: 156.255.2.100

Source: global traffic

TCP traffic: 192.168.2.4:49730 -> 156.255.2.100:18896

Source: Joe Sandbox View

ASN Name: ANCHGLOBAL-AS-APAnchnetAsiaLimitedHK ANCHGLOBAL-AS-APAnchnetAsiaLimitedHK

Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100
Source: unknown	TCP traffic detected without corresponding DNS query: 156.255.2.100

Source: 1x6jzcZeRu.exe, 00000000.00000003.2102786401.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000003.1848453343.000001464D52F000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D464000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4FA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.jquery.com/
Source: 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D464000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://code.jquery.com/9
Source: 1x6jzcZeRu.exe, 00000000.00000003.1665460692.0000014674A27000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/
Source: 1x6jzcZeRu.exe, 00000000.00000003.2102786401.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: 77EC63BDA74BD0D0E0426DC8F80085060.0.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: 1x6jzcZeRu.exe, 00000000.00000003.2102918478.000001464D4FC000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab)
Source: 1x6jzcZeRu.exe, 00000000.00000003.2102918478.000001464D4FC000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4FC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab?2ecca012f8
Source: 1x6jzcZeRu.exe, 00000000.00000003.2102786401.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100/
Source: 1x6jzcZeRu.exe, 00000000.00000003.1848453343.000001464D52F000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/
Source: 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/SMF
Source: 1x6jzcZeRu.exe, 00000000.00000003.1848453343.000001464D52F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/dlliCe
Source: 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D464000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000003.1865259540.0000014674A09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.js
Source: 1x6jzcZeRu.exe, 00000000.00000002.2889081795.0000014674A09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.js$Y
Source: 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D532000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000003.1865495196.000001464D532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.js%
Source: 1x6jzcZeRu.exe, 00000000.00000003.2102786401.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.js.
Source: 1x6jzcZeRu.exe, 00000000.00000003.1848453343.000001464D52F000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000003.1865495196.000001464D532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.js2
Source: 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.js53011b87bd06M
Source: 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4B4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.js9
Source: 1x6jzcZeRu.exe, 00000000.00000003.2102918478.000001464D532000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000003.1848453343.000001464D52F000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsV
Source: 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D464000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsY
Source: 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsl
Source: 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsography
Source: 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsoint:V
Source: 1x6jzcZeRu.exe, 00000000.00000002.2889081795.0000014674A09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jspXS
Source: 1x6jzcZeRu.exe, 00000000.00000003.2102786401.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsr
Source: 1x6jzcZeRu.exe, 00000000.00000003.2102918478.000001464D532000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsrovider
Source: 1x6jzcZeRu.exe, 00000000.00000003.1865495196.000001464D532000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsrovider9
Source: 1x6jzcZeRu.exe, 00000000.00000003.1848453343.000001464D52F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsvider
Source: 1x6jzcZeRu.exe, 00000000.00000002.2889081795.0000014674A09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsvider8Xk
Source: 1x6jzcZeRu.exe, 00000000.00000003.1865259540.0000014674A09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsxX
Source: 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsyptnetUrlCache
Source: 1x6jzcZeRu.exe, 00000000.00000003.1865259540.0000014674A09000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/jquery-3.3.1.min.jsy~Z
Source: 1x6jzcZeRu.exe, 00000000.00000003.1848453343.000001464D52F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://156.255.2.100:18896/l

Source: 1x6jzcZeRu.exe

Binary or memory string: runtime.main not on m0set_crosscall2 missingbad g->status in readywirep: invalid p stateassembly checks failedstack not a power of 2minpc or maxpc invalidcompileCallback: type non-Go function at pc=RtlLookupFunctionEntryRegisterRawInputDevicesCreateAccelerator

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000000.00000002.2888204760.000000C000180000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 00000000.00000003.1642564620.0000014673FE0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Rule for beacon reflective loader Author: unknown
Source: 00000000.00000002.2889323471.0000014674DC0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Rule for beacon sleep obfuscation routine Author: unknown
Source: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Identifies CobaltStrike via unidentified function code Author: unknown

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0006C240	0_2_0006C240
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000942C0	0_2_000942C0
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0009D920	0_2_0009D920
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_00087A60	0_2_00087A60
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_00061AA0	0_2_00061AA0
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_00086C60	0_2_00086C60
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000A4CA0	0_2_000A4CA0
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0006CDE0	0_2_0006CDE0
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_00074E20	0_2_00074E20
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_00063040	0_2_00063040
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000AE040	0_2_000AE040
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000970C0	0_2_000970C0
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0007D0E0	0_2_0007D0E0
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000C2109	0_2_000C2109
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000AF260	0_2_000AF260
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0009E3A0	0_2_0009E3A0
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000793C0	0_2_000793C0
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_00084560	0_2_00084560
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0009F560	0_2_0009F560
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0008A580	0_2_0008A580
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_00081600	0_2_00081600
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0009B600	0_2_0009B600
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_00069620	0_2_00069620
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000798E0	0_2_000798E0
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_00097900	0_2_00097900
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0008E980	0_2_0008E980
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0006D9A0	0_2_0006D9A0
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000859A0	0_2_000859A0
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0008BA00	0_2_0008BA00
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_00073A20	0_2_00073A20
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0008AA40	0_2_0008AA40
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0008DC00	0_2_0008DC00
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000B9C00	0_2_000B9C00
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0009ACA0	0_2_0009ACA0
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_00078D00	0_2_00078D00
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0007FD20	0_2_0007FD20
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000AAD20	0_2_000AAD20
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0008CDE0	0_2_0008CDE0
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_00077F60	0_2_00077F60
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0000014674051528	0_2_0000014674051528
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0000014674050E64	0_2_0000014674050E64
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0000014674051F9C	0_2_0000014674051F9C
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000001467404F1A8	0_2_000001467404F1A8
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0000014674046B38	0_2_0000014674046B38
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_0000014674DC0000	0_2_0000014674DC0000

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: String function: 00098640 appears 693 times
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: String function: 00097E20 appears 89 times
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: String function: 00096320 appears 512 times

Source: 00000000.00000002.2888204760.000000C000180000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 00000000.00000003.1642564620.0000014673FE0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_f0b627fc reference_sample = b362951abd9d96d5ec15d281682fa1c8fe8f8e4e2f264ca86f6b061af607f79b, os = windows, severity = x86, description = Rule for beacon reflective loader, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = fbc94bedd50b5b943553dd438a183a1e763c098a385ac3a4fc9ff24ee30f91e1, id = f0b627fc-97cd-42cb-9eae-1efb0672762d, last_modified = 2022-01-13
Source: 00000000.00000002.2889323471.0000014674DC0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_b54b94ac reference_sample = 36d32b1ed967f07a4bd19f5e671294d5359009c04835601f2cc40fb8b54f6a2a, os = windows, severity = x86, description = Rule for beacon sleep obfuscation routine, creation_date = 2021-10-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 2344dd7820656f18cfb774a89d89f5ab65d46cc7761c1f16b7e768df66aa41c8, id = b54b94ac-6ef8-4ee9-a8a6-f7324c1974ca, last_modified = 2022-01-13
Source: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_CobaltStrike_663fc95d os = windows, severity = x86, description = Identifies CobaltStrike via unidentified function code, creation_date = 2021-04-01, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = d0f781d7e485a7ecfbbfd068601e72430d57ef80fc92a993033deb1ddcee5c48, id = 663fc95d-2472-4d52-ad75-c5d86cfc885f, last_modified = 2021-12-17

Source: classification engine

Classification label: mal100.troj.evad.mine.winEXE@2/2@0/1

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6896:120:WilError_03

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe

File opened: C:\Windows\system32\32e4c4252e63bc5803c269c3810a0c82c8cf773c3bdb0003632b579dfc925544AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Jump to behavior

Source: 1x6jzcZeRu.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: 1x6jzcZeRu.exe	ReversingLabs: Detection: 47%
Source: 1x6jzcZeRu.exe	Virustotal: Detection: 60%

Source: 1x6jzcZeRu.exe	String found in binary or memory: runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable t
Source: 1x6jzcZeRu.exe	String found in binary or memory: runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable t
Source: 1x6jzcZeRu.exe	String found in binary or memory: uncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime:
Source: 1x6jzcZeRu.exe	String found in binary or memory: uncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime:
Source: 1x6jzcZeRu.exe	String found in binary or memory: concurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:sec
Source: 1x6jzcZeRu.exe	String found in binary or memory: concurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:sec
Source: 1x6jzcZeRu.exe	String found in binary or memory: /memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime:
Source: 1x6jzcZeRu.exe	String found in binary or memory: /memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime:
Source: 1x6jzcZeRu.exe	String found in binary or memory: runtime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:sec
Source: 1x6jzcZeRu.exe	String found in binary or memory: runtime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:sec
Source: 1x6jzcZeRu.exe	String found in binary or memory: /cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power
Source: 1x6jzcZeRu.exe	String found in binary or memory: /cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power
Source: 1x6jzcZeRu.exe	String found in binary or memory: /sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime:
Source: 1x6jzcZeRu.exe	String found in binary or memory: /sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime: unblock on closing polldescUnable to determine system directoryruntime: VirtualQuery failed; errno=runtime: sudog with non-nil waitlinkruntime:
Source: 1x6jzcZeRu.exe	String found in binary or memory: /cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.ins
Source: 1x6jzcZeRu.exe	String found in binary or memory: /cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.ins
Source: 1x6jzcZeRu.exe	String found in binary or memory: /gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus old
Source: 1x6jzcZeRu.exe	String found in binary or memory: /gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus old
Source: 1x6jzcZeRu.exe	String found in binary or memory: /memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent loc
Source: 1x6jzcZeRu.exe	String found in binary or memory: /memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent loc
Source: 1x6jzcZeRu.exe	String found in binary or memory: /memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspin
Source: 1x6jzcZeRu.exe	String found in binary or memory: /memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspin
Source: 1x6jzcZeRu.exe	String found in binary or memory: /sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack
Source: 1x6jzcZeRu.exe	String found in binary or memory: /sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack
Source: 1x6jzcZeRu.exe	String found in binary or memory: lfstack node allocated from the heap) is larger than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:
Source: 1x6jzcZeRu.exe	String found in binary or memory: lfstack node allocated from the heap) is larger than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime:
Source: 1x6jzcZeRu.exe	String found in binary or memory: ) is larger than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime:
Source: 1x6jzcZeRu.exe	String found in binary or memory: ) is larger than maximum page size (runtime: invalid typeBitsBulkBarrieruncaching span but s.allocCount == 0/memory/classes/metadata/other:bytes/sched/pauses/stopping/other:secondsuser arena span is on the wrong listruntime: marked free object in span runtime:
Source: 1x6jzcZeRu.exe	String found in binary or memory: unsafe.String: len out of rangefaa2375edd5eade9607c79ab4660cbb1CertAddCertificateContextToStoreCertVerifyCertificateChainPolicyGetVolumePathNamesForVolumeNameWcrypto/aes: input not full blockresource temporarily unavailablesoftware caused connection abortnumerical argument out of domainslice bounds out of range [::%x]slice bounds out of range [:%x:]slice bounds out of range [%x::] (types from different packages)end outside usable address spaceGCProg for type that isn't largeruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runtime: stack split at bad timepanic while printing panic valueruntime: setevent failed; errno=runtime.semasleep wait_abandoned" not supported for cpu option "use of closed network connectionCryptAcquireCertificatePrivateKeyGetVolumeNameForVolumeMountPointWInitializeProcThreadAttributeListSetupDiGetDeviceRegistryPropertyWSetupDiSetDeviceRegistryPropertyWcrypto/aes: output not full blocktoo many levels of symbolic linksslice bounds out of range [%x:%y]base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of rangeGODEBUG: no value specified for "waiting for unsupported file typeCM_Get_Device_Interface_List_SizeWSetFileCompletionNotificationModescrypto/aes: invalid buffer overlaptoo many references: cannot spliceslice bounds out of range [:%x:%y]slice bounds out of range [%x:%y:]out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already set in timerunexpected runtime.netpoll error: SubscribeServiceChangeNotificationsnetwork dropped connection on resettransport endpoint is not connectedpersistentalloc: align is too large/memory/c
Source: 1x6jzcZeRu.exe	String found in binary or memory: unsafe.String: len out of rangefaa2375edd5eade9607c79ab4660cbb1CertAddCertificateContextToStoreCertVerifyCertificateChainPolicyGetVolumePathNamesForVolumeNameWcrypto/aes: input not full blockresource temporarily unavailablesoftware caused connection abortnumerical argument out of domainslice bounds out of range [::%x]slice bounds out of range [:%x:]slice bounds out of range [%x::] (types from different packages)end outside usable address spaceGCProg for type that isn't largeruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevruntime: mcall function returnedruntime: newstack called from g=runtime: stack split at bad timepanic while printing panic valueruntime: setevent failed; errno=runtime.semasleep wait_abandoned" not supported for cpu option "use of closed network connectionCryptAcquireCertificatePrivateKeyGetVolumeNameForVolumeMountPointWInitializeProcThreadAttributeListSetupDiGetDeviceRegistryPropertyWSetupDiSetDeviceRegistryPropertyWcrypto/aes: output not full blocktoo many levels of symbolic linksslice bounds out of range [%x:%y]base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-cycle/memory/classes/heap/stacks:bytes/memory/classes/heap/unused:bytes/sched/pauses/stopping/gc:seconds/sched/pauses/total/other:secondsmin must be a non-zero power of 2runtime: failed mSpanList.insert runtime: castogscanstatus oldval=stoplockedm: inconsistent lockingfindrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of rangeGODEBUG: no value specified for "waiting for unsupported file typeCM_Get_Device_Interface_List_SizeWSetFileCompletionNotificationModescrypto/aes: invalid buffer overlaptoo many references: cannot spliceslice bounds out of range [:%x:%y]slice bounds out of range [%x:%y:]out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already set in timerunexpected runtime.netpoll error: SubscribeServiceChangeNotificationsnetwork dropped connection on resettransport endpoint is not connectedpersistentalloc: align is too large/memory/c
Source: 1x6jzcZeRu.exe	String found in binary or memory: net/addrselect.go
Source: 1x6jzcZeRu.exe	String found in binary or memory: sync/atomic/type.go<autogenerated>internal/abi/type.gointernal/cpu/cpu.gointernal/cpu/cpu_x86.gointernal/cpu/cpu_x86.sruntime/internal/sys/intrinsics.gointernal/bytealg/index_amd64.gointernal/bytealg/compare_amd64.sinternal/bytealg/equal_amd64.sinternal/bytealg/indexbyte_amd64.sinternal/chacha8rand/chacha8.gointernal/chacha8rand/chacha8_amd64.sruntime/float.goruntime/iface.goruntime/netpoll.goruntime/select.goruntime/alg.goruntime/typekind.goruntime/stubs.goruntime/arena.goruntime/mheap.goruntime/internal/atomic/types.goruntime/mem.goruntime/mem_windows.goruntime/lockrank_off.goruntime/lock_sema.goruntime/runtime2.goruntime/mwbbuf.goruntime/atomic_pointer.goruntime/os_windows.goruntime/cgocall.goruntime/proc.goruntime/runtime1.goruntime/chan.goruntime/cpuflags_amd64.goruntime/debug.goruntime/debugcall.goruntime/symtab.goruntime/defs_windows_amd64.goruntime/env_posix.goruntime/error.goruntime/traceback.goruntime/exithook.goruntime/hash64.goruntime/histogram.goruntime/metrics.goruntime/type.gointernal/abi/switch.goruntime/rand.goruntime/lfstack.goruntime/tagptr_64bit.goruntime/time_nofake.goruntime/lockrank.goruntime/malloc.goruntime/mfixalloc.goruntime/mcache.goruntime/fastlog2.goruntime/map.goruntime/msize_allocheaders.goruntime/map_fast32.goruntime/map_fast64.goruntime/map_faststr.goruntime/mbarrier.gointernal/abi/abi.goruntime/mbitmap.goruntime/mbitmap_allocheaders.goruntime/mcentral.goruntime/trace2runtime.goruntime/mgcsweep.goruntime/mcheckmark.goruntime/mgc.goruntime/mfinal.goruntime/sema.goruntime/mgcwork.goruntime/mprof.goruntime/mstats.goruntime/print.goruntime/mgcpacer.goruntime/mgclimit.goruntime/mgcmark.goruntime/stack.goruntime/mgcstack.goruntime/string.goruntime/mgcscavenge.goruntime/time.goruntime/mranges.goruntime/mpagealloc.goruntime/mpallocbits.goruntime/mpagecache.goruntime/mpagealloc_64bit.goruntime/mspanset.goruntime/netpoll_windows.goruntime/preempt.goruntime/pagetrace_off.goruntime/panic.goruntime/signal_windows.goruntime/pinner.goruntime/symtabinl.goruntime/write_err.goruntime/runtime.goruntime/rwmutex.goruntime/trace2.goruntime/sigqueue.goruntime/slice.goruntime/sys_x86.goruntime/stkframe.goruntime/syscall_windows.goruntime/trace2buf.goruntime/trace2time.goruntime/trace2status.goruntime/trace2event.goruntime/trace2map.goruntime/trace2region.goruntime/trace2stack.goruntime/trace2string.goruntime/unsafe.goruntime/utf8.goruntime/asm.sruntime/asm_amd64.sruntime/duff_amd64.sruntime/memclr_amd64.sruntime/memmove_amd64.sruntime/preempt_amd64.sruntime/rt0_windows_amd64.sruntime/sys_windows_amd64.sruntime/time_windows_amd64.sruntime/zcallback_windows.sinternal/syscall/windows/sysdll/sysdll.gosync/map.gosync/mutex.gosync/once.gosync/pool.gosync/poolqueue.gosync/runtime.gounicode/utf16/utf16.gointernal/reflectlite/type.goerrors/wrap.goerrors/errors.gointernal/itoa/itoa.gounicode/utf8/utf8.gosyscall/syscall_windows.gosyscall/zsyscall_windows.gosyscall/dll_windows.gosyscall/syscall.gosyscall/wtf8_windows.gogithub.com/gonutz/ide@v0.0.0-

Source: unknown	Process created: C:\Users\user\Desktop\1x6jzcZeRu.exe "C:\Users\user\Desktop\1x6jzcZeRu.exe"
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: cryptnet.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: cabinet.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Section loaded: ncryptsslp.dll	Jump to behavior

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: 1x6jzcZeRu.exe

Static file information: File size 1625600 > 1048576

Source: 1x6jzcZeRu.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: 1x6jzcZeRu.exe	Static PE information: section name: .xdata
Source: 1x6jzcZeRu.exe	Static PE information: section name: .symtab

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_3_0000014673FE03E2 push cs; retf	0_3_0000014673FE03E3
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_3_0000014673FE29A1 push ds; ret	0_3_0000014673FE29F7
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_3_0000014673FE08EE push ss; iretd	0_3_0000014673FE08F5
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_3_0000014673FE508E push edi; iretd	0_3_0000014673FE508F
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000001467403AD58 push ebp; iretd	0_2_000001467403AD59
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000001467403971E push cs; retf	0_2_000001467403971F
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000001467404977E push EC9DD3C7h; retf	0_2_000001467404978C
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000001467405A84F push ebp; iretd	0_2_000001467405A850
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000001467405A86F push ebp; iretd	0_2_000001467405A870
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000001467405A898 push ebp; iretd	0_2_000001467405A899
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000001467403F901 push ebx; iretd	0_2_000001467403F902
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000001467403B91C pushad ; retf	0_2_000001467403B91D
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Code function: 0_2_000001467403935D push edi; iretd	0_2_000001467403935E

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot			Jump to behavior
Source: C:\Users\user\Desktop\1x6jzcZeRu.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT			Jump to behavior

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe

Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe

Code function: 0_2_000C4E60 rdtscp

0_2_000C4E60

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe TID: 6892

Thread sleep time: -34376s >= -30000s

Jump to behavior

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe

Code function: 0_2_000921E0 GetProcessAffinityMask,GetSystemInfo,

0_2_000921E0

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe

Thread delayed: delay time: 34376

Jump to behavior

Source: 1x6jzcZeRu.exe, 00000000.00000003.2102786401.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: 1x6jzcZeRu.exe, 00000000.00000003.2102786401.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW)
Source: 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D464000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW@

Anti Debugging

Potentially malicious time measurement code found

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe

Code function: 0_2_000C4E60 Start: 000C4E69 End: 000C4E7F

0_2_000C4E60

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe

Code function: 0_2_000C4E60 rdtscp

0_2_000C4E60

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe

Code function: 0_2_0000014674044E28 GetUserNameA,strrchr,_snprintf,

0_2_0000014674044E28

Source: C:\Users\user\Desktop\1x6jzcZeRu.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Remote Access Functionality

Yara detected CobaltStrike

Source: Yara match	File source: 00000000.00000002.2888204760.000000C000180000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1642564620.0000014673FE0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2889323471.0000014674DC0000.00000020.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2888862525.0000014674061000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1x6jzcZeRu.exe PID: 6868, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 Process Injection	11 Virtualization/Sandbox Evasion	11 Input Capture	1 Query Registry	Remote Services	11 Input Capture	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 DLL Side-Loading	1 Process Injection	LSASS Memory	11 Security Software Discovery	Remote Desktop Protocol	1 Archive Collected Data	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	11 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	3 Obfuscated Files or Information	NTDS	1 Account Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	1 System Owner/User Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	3 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
1x6jzcZeRu.exe	47%	ReversingLabs	Win64.Backdoor.Cobeacon
1x6jzcZeRu.exe	60%	Virustotal		Browse

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://code.jquery.com/	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.jsography	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.js53011b87bd06M	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.jsV	0%	Avira URL Cloud	safe
https://156.255.2.100/	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.jsY	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/dlliCe	0%	Avira URL Cloud	safe
https://156.255.2.100/	1%	Virustotal		Browse
https://156.255.2.100:18896/	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.jsyptnetUrlCache	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.jspXS	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.jsrovider	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/	5%	Virustotal		Browse
https://156.255.2.100:18896/jquery-3.3.1.min.js$Y	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.jsl	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.js.	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.js	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.jsl	4%	Virustotal		Browse
https://156.255.2.100:18896/jquery-3.3.1.min.js2	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.js	4%	Virustotal		Browse
http://code.jquery.com/	1%	Virustotal		Browse
https://156.255.2.100:18896/jquery-3.3.1.min.jsr	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.jsxX	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.js9	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.jsoint:V	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/SMF	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.jsrovider9	0%	Avira URL Cloud	safe
http://code.jquery.com/9	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.jsy~Z	0%	Avira URL Cloud	safe
http://code.jquery.com/9	1%	Virustotal		Browse
https://156.255.2.100:18896/jquery-3.3.1.min.jsvider	0%	Avira URL Cloud	safe
156.255.2.100	0%	Virustotal		Browse
156.255.2.100	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.js%	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/jquery-3.3.1.min.jsvider8Xk	0%	Avira URL Cloud	safe
https://156.255.2.100:18896/l	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

⊘No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
156.255.2.100	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://156.255.2.100:18896/jquery-3.3.1.min.js53011b87bd06M	1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D532000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://code.jquery.com/	1x6jzcZeRu.exe, 00000000.00000003.2102786401.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000003.1848453343.000001464D52F000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D464000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4FA000.00000004.00000020.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.jsography	1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D532000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.jsV	1x6jzcZeRu.exe, 00000000.00000003.2102918478.000001464D532000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000003.1848453343.000001464D52F000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D532000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100/	1x6jzcZeRu.exe, 00000000.00000003.2102786401.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.jsY	1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D464000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/dlliCe	1x6jzcZeRu.exe, 00000000.00000003.1848453343.000001464D52F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/	1x6jzcZeRu.exe, 00000000.00000003.1848453343.000001464D52F000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D532000.00000004.00000020.00020000.00000000.sdmp	false	5%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.jsyptnetUrlCache	1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.jsrovider	1x6jzcZeRu.exe, 00000000.00000003.2102918478.000001464D532000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D532000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.jspXS	1x6jzcZeRu.exe, 00000000.00000002.2889081795.0000014674A09000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.js$Y	1x6jzcZeRu.exe, 00000000.00000002.2889081795.0000014674A09000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.jsl	1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp	false	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.js.	1x6jzcZeRu.exe, 00000000.00000003.2102786401.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.js	1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D464000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000003.1865259540.0000014674A09000.00000004.00000020.00020000.00000000.sdmp	false	4%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.js2	1x6jzcZeRu.exe, 00000000.00000003.1848453343.000001464D52F000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000003.1865495196.000001464D532000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.jsr	1x6jzcZeRu.exe, 00000000.00000003.2102786401.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4DD000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.jsxX	1x6jzcZeRu.exe, 00000000.00000003.1865259540.0000014674A09000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.js9	1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D4B4000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.jsoint:V	1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D532000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/SMF	1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D532000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.jsrovider9	1x6jzcZeRu.exe, 00000000.00000003.1865495196.000001464D532000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://code.jquery.com/9	1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D464000.00000004.00000020.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.jsy~Z	1x6jzcZeRu.exe, 00000000.00000003.1865259540.0000014674A09000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.jsvider	1x6jzcZeRu.exe, 00000000.00000003.1848453343.000001464D52F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.js%	1x6jzcZeRu.exe, 00000000.00000002.2888368200.000001464D532000.00000004.00000020.00020000.00000000.sdmp, 1x6jzcZeRu.exe, 00000000.00000003.1865495196.000001464D532000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/jquery-3.3.1.min.jsvider8Xk	1x6jzcZeRu.exe, 00000000.00000002.2889081795.0000014674A09000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://156.255.2.100:18896/l	1x6jzcZeRu.exe, 00000000.00000003.1848453343.000001464D52F000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
156.255.2.100	unknown	Seychelles		137443	ANCHGLOBAL-AS-APAnchnetAsiaLimitedHK	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1483408
Start date and time:	2024-07-27 11:18:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	1x6jzcZeRu.exe renamed because original name is a hash value
Original Sample Name:	7266644b3b822760ed8fe66104251bec8ba51f8f01581d40e1e807ca82dd09d8.exe
Detection:	MAL
Classification:	mal100.troj.evad.mine.winEXE@2/2@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 98% Number of executed functions: 20 Number of non-executed functions: 67
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 93.184.221.240
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, ctldl.windowsupdate.com, wu-b-net.trafficmanager.net, wu.azureedge.net, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtDeviceIoControlFile calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
05:18:56	API Interceptor	1x Sleep call for process: 1x6jzcZeRu.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ANCHGLOBAL-AS-APAnchnetAsiaLimitedHK	stock request.exe	Get hash	malicious	FormBook	Browse	154.204.175.188
	LisectAVT_2403002B_92.exe	Get hash	malicious	Unknown	Browse	154.91.34.211
	LisectAVT_2403002B_92.exe	Get hash	malicious	Unknown	Browse	154.91.34.211
	94.156.8.9-skid.arm-2024-07-23T17_40_08.elf	Get hash	malicious	Mirai, Moobot	Browse	156.241.153.118
	94.156.8.9-skid.x86-2024-07-23T17_40_07.elf	Get hash	malicious	Mirai, Moobot	Browse	156.253.18.69
	94.156.8.9-skid.ppc-2024-07-23T17_40_07.elf	Get hash	malicious	Mirai, Moobot	Browse	118.184.11.245
	45.66.231.148-sparc-2024-07-21T13_11_25.elf	Get hash	malicious	Mirai	Browse	156.241.153.166
	nell.doc	Get hash	malicious	FormBook	Browse	156.241.141.214
	95DVgihS4k.elf	Get hash	malicious	Unknown	Browse	103.73.160.117
	Project Execution Order - (PO 546788) (PO 546789).exe	Get hash	malicious	FormBook	Browse	156.241.138.81

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Users\user\Desktop\1x6jzcZeRu.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	71954
Entropy (8bit):	7.996617769952133
Encrypted:	true
SSDEEP:	1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
MD5:	49AEBF8CBD62D92AC215B2923FB1B9F5
SHA1:	1723BE06719828DDA65AD804298D0431F6AFF976
SHA-256:	B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
SHA-512:	BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
Malicious:	false
Reputation:	high, very likely benign file
Preview:	MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..\|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........\|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.\|.c.&>?..^t. ..;..X.d.E.0G....[Q.,......#.Dp..L.o\|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Users\user\Desktop\1x6jzcZeRu.exe
File Type:	data
Category:	modified
Size (bytes):	328
Entropy (8bit):	3.1308289295445633
Encrypted:	false
SSDEEP:	6:kKn39UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:PGDnLNkPlE99SNxAhUe/3
MD5:	CD726921FEC288AD6E0055A1CE53DF63
SHA1:	81B79C2B4E8310EE62149E8C020D54175AED0A08
SHA-256:	BCA15DD489D1B582F23B13F5D23FBEABD24ED01DA2EE44AAE7FDA05FB0654F26
SHA-512:	6A316A9685A261B954E00CC23B9A588A4D832EEEDB409ACC4D60B79F999EDF32166223288E8A5C22FFC57953C91C90F7DE7ACB7093EF4C1BBB61FD0B901B7732
Malicious:	false
Reputation:	low
Preview:	p...... ..........X.....(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

Static File Info

General

File type:	PE32+ executable (console) x86-64, for MS Windows
Entropy (8bit):	6.517580564741937
TrID:	Win64 Executable Console (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	1x6jzcZeRu.exe
File size:	1'625'600 bytes
MD5:	92ffd5a24bf3942ffa7ac182e4e0c171
SHA1:	7c69105624bb5c58643288bb8d419abfd3cd6e1e
SHA256:	7266644b3b822760ed8fe66104251bec8ba51f8f01581d40e1e807ca82dd09d8
SHA512:	e3fef5aabd9fb64227aa6f4d4d372da998871ffec8f985396d56e04b395942a7df47d800bb330e3509ba60021832f19ccb9b705547e81f394ea88f095d55028e
SSDEEP:	24576:7iU7pMzxRZ09VSkbDj9yOVQNs8cotbCXcOhJJpQaoLJi7:mVR+9VSkvjRQNsLotuPfKJ
TLSH:	39755B5BBCA004BAD4BE5332896651A17A32BC590F3123CB2A90F37C2F76BD55E75B10
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d................."......,... .......e........@...............................!...........`... ............................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x466580
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows cui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x0 [Thu Jan 1 00:00:00 1970 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	1
File Version Major:	6
File Version Minor:	1
Subsystem Version Major:	6
Subsystem Version Minor:	1
Import Hash:	c2d457ad8ac36fc9f18d45bffcd450c2

Entrypoint Preview

Instruction
jmp 00007F65C07FAC10h
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
dec eax
mov ebp, esp
pushfd
cld
dec eax
sub esp, 000000E0h
dec eax
mov dword ptr [esp], edi
dec eax
mov dword ptr [esp+08h], esi
dec eax
mov dword ptr [esp+10h], ebp
dec eax
mov dword ptr [esp+18h], ebx
dec esp
mov dword ptr [esp+20h], esp
dec esp
mov dword ptr [esp+28h], ebp
dec esp
mov dword ptr [esp+30h], esi
dec esp
mov dword ptr [esp+38h], edi
movups dqword ptr [esp+40h], xmm6
movups dqword ptr [esp+50h], xmm7
inc esp
movups dqword ptr [esp+60h], xmm0
inc esp
movups dqword ptr [esp+70h], xmm1
inc esp
movups dqword ptr [esp+00000080h], xmm2
inc esp
movups dqword ptr [esp+00000090h], xmm3
inc esp
movups dqword ptr [esp+000000A0h], xmm4
inc esp
movups dqword ptr [esp+000000B0h], xmm5
inc esp
movups dqword ptr [esp+000000C0h], xmm6
inc esp
movups dqword ptr [esp+000000D0h], xmm7
inc ebp
xorps xmm7, xmm7
dec ebp
xor esi, esi
dec eax
mov eax, dword ptr [001A5CEAh]
dec eax
mov eax, dword ptr [eax]
dec eax
cmp eax, 00000000h
je 00007F65C07FE495h
dec esp
mov esi, dword ptr [eax]
dec eax
sub esp, 10h
dec eax
mov eax, ecx
dec eax
mov ebx, edx
call 00007F65C0801B8Bh

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x215000	0x554	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x210000	0x3cf0	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x216000	0x31e4	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x1751c0	0x180	.data
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x82bd7	0x82c00	e880f09fc37aa4d623428fc2a338bd81	False	0.47565689232791586	data	6.249384969620633	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x84000	0xf00a8	0xf0200	3ce5e32aa86a5abb056c6fbc89b75835	False	0.5978168922436231	data	6.53076129552686	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x175000	0x9ade0	0x12000	46803bed53047f0a7b40b229fd50ddd8	False	0.16512044270833334	data	2.0562844716891457	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x210000	0x3cf0	0x3e00	27489a23718f3fb15dad6db3ee9039ae	False	0.400390625	data	5.082024253206653	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.xdata	0x214000	0xb4	0x200	9cdef3e350ad19366f06c3ed5402ef02	False	0.228515625	shared library	1.787112262798912	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.idata	0x215000	0x554	0x600	a59b29343f1a2933a73430b1f45b7f0e	False	0.3802083333333333	data	4.007555744272892	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.reloc	0x216000	0x31e4	0x3200	1ef9aef8a9813b37f5b0cf764a513608	False	0.349921875	data	5.399125414876283	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
.symtab	0x21a000	0x4	0x200	07b5472d347d42780469fb2654b7fc54	False	0.02734375	data	0.020393135236084953	IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL

Import

kernel32.dll

WriteFile, WriteConsoleW, WerSetFlags, WerGetFlags, WaitForMultipleObjects, WaitForSingleObject, VirtualQuery, VirtualFree, VirtualAlloc, TlsAlloc, SwitchToThread, SuspendThread, SetWaitableTimer, SetProcessPriorityBoost, SetEvent, SetErrorMode, SetConsoleCtrlHandler, RtlVirtualUnwind, RtlLookupFunctionEntry, ResumeThread, RaiseFailFastException, PostQueuedCompletionStatus, LoadLibraryW, LoadLibraryExW, SetThreadContext, GetThreadContext, GetSystemInfo, GetSystemDirectoryA, GetStdHandle, GetQueuedCompletionStatusEx, GetProcessAffinityMask, GetProcAddress, GetErrorMode, GetEnvironmentStringsW, GetCurrentThreadId, GetConsoleMode, FreeEnvironmentStringsW, ExitProcess, DuplicateHandle, CreateWaitableTimerExW, CreateThread, CreateIoCompletionPort, CreateFileA, CreateEventA, CloseHandle, AddVectoredExceptionHandler, AddVectoredContinueHandler

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Source Port	Dest Port	Source IP	Dest IP
2024-07-27T11:19:15.402248+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	49741	13.85.23.86	192.168.2.4
2024-07-27T11:19:56.111075+0200	TCP	2022930	ET EXPLOIT Possible CVE-2016-2211 Symantec Cab Parsing Buffer Overflow	443	54130	52.165.165.26	192.168.2.4
2024-07-27T11:18:57.161297+0200	TCP	2841527	ETPRO MALWARE Observed Malicious SSL Cert (Cobalt Strike CnC)	18896	49730	156.255.2.100	192.168.2.4
2024-07-27T11:18:55.720979+0200	TCP	2028765	ET JA3 Hash - [Abuse.ch] Possible Dridex	49730	18896	192.168.2.4	156.255.2.100

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 27, 2024 11:18:54.799035072 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:54.807065010 CEST	18896	49730	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:54.807200909 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:54.821679115 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:54.827085972 CEST	18896	49730	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:55.720530033 CEST	18896	49730	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:55.720978975 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:55.992680073 CEST	18896	49730	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:55.992858887 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:57.155340910 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:57.161297083 CEST	18896	49730	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:57.475883961 CEST	18896	49730	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:57.476300955 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:57.739346027 CEST	18896	49730	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:57.739552021 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:57.741928101 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:57.747013092 CEST	18896	49730	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:58.118354082 CEST	18896	49730	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:58.118587017 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:58.118675947 CEST	18896	49730	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:58.118880033 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:58.119637012 CEST	18896	49730	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:58.119688034 CEST	18896	49730	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:58.119817019 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:58.119817972 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:58.121362925 CEST	18896	49730	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:58.121436119 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:58.121994972 CEST	18896	49730	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:58.122026920 CEST	18896	49730	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:58.122055054 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:58.122056961 CEST	18896	49730	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:58.122082949 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:58.122107983 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:58.122286081 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:58.122318983 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:58.127410889 CEST	18896	49730	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:58.127505064 CEST	49730	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:58.230328083 CEST	49732	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:58.236887932 CEST	18896	49732	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:58.237114906 CEST	49732	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:58.237348080 CEST	49732	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:58.242795944 CEST	18896	49732	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:58.242835999 CEST	18896	49732	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:59.110177994 CEST	18896	49732	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:59.110476017 CEST	49732	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:59.371865988 CEST	18896	49732	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:59.371985912 CEST	49732	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:59.372317076 CEST	49732	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:59.373270988 CEST	49732	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:59.377748013 CEST	18896	49732	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:59.378766060 CEST	18896	49732	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:59.898180008 CEST	18896	49732	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:59.898387909 CEST	49732	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:59.898778915 CEST	18896	49732	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:59.898874044 CEST	49732	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:59.899385929 CEST	18896	49732	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:59.899441957 CEST	18896	49732	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:59.899445057 CEST	49732	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:59.899486065 CEST	49732	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:59.901515961 CEST	18896	49732	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:59.901565075 CEST	49732	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:59.902137995 CEST	18896	49732	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:59.902168036 CEST	18896	49732	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:59.902190924 CEST	49732	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:59.902196884 CEST	18896	49732	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:59.902204037 CEST	49732	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:59.902240992 CEST	49732	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:59.902435064 CEST	49732	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:59.902460098 CEST	49732	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:59.907371044 CEST	18896	49732	156.255.2.100	192.168.2.4
Jul 27, 2024 11:18:59.907527924 CEST	49732	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:18:59.995945930 CEST	49733	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:00.001338959 CEST	18896	49733	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:00.001537085 CEST	49733	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:00.001782894 CEST	49733	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:00.006899118 CEST	18896	49733	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:00.007272005 CEST	18896	49733	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:00.910238981 CEST	18896	49733	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:00.910332918 CEST	49733	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:01.186378002 CEST	18896	49733	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:01.186547995 CEST	49733	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:01.186912060 CEST	49733	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:01.187676907 CEST	49733	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:01.192317009 CEST	18896	49733	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:01.192843914 CEST	18896	49733	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:01.752155066 CEST	18896	49733	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:01.752362013 CEST	49733	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:01.752769947 CEST	18896	49733	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:01.752943993 CEST	49733	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:01.753164053 CEST	18896	49733	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:01.753200054 CEST	18896	49733	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:01.753338099 CEST	49733	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:01.753338099 CEST	49733	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:01.755158901 CEST	18896	49733	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:01.755192041 CEST	18896	49733	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:01.755223036 CEST	18896	49733	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:01.755316019 CEST	49733	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:01.755316973 CEST	49733	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:01.755316973 CEST	49733	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:01.755417109 CEST	49733	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:01.755417109 CEST	49733	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:01.758549929 CEST	18896	49733	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:01.758624077 CEST	49733	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:01.760555983 CEST	18896	49733	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:01.760632038 CEST	49733	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:01.777443886 CEST	49734	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:01.782932043 CEST	18896	49734	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:01.783101082 CEST	49734	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:01.783246040 CEST	49734	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:01.788738966 CEST	18896	49734	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:01.788774967 CEST	18896	49734	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:02.677102089 CEST	18896	49734	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:02.677184105 CEST	49734	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:02.940149069 CEST	18896	49734	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:02.940315962 CEST	49734	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:02.940557003 CEST	49734	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:02.941487074 CEST	49734	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:02.945620060 CEST	18896	49734	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:02.947019100 CEST	18896	49734	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:03.481846094 CEST	18896	49734	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:03.482105970 CEST	49734	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:03.482428074 CEST	18896	49734	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:03.482625961 CEST	49734	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:03.482978106 CEST	18896	49734	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:03.483030081 CEST	18896	49734	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:03.483041048 CEST	49734	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:03.483072996 CEST	49734	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:03.484910011 CEST	18896	49734	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:03.484983921 CEST	49734	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:03.485379934 CEST	18896	49734	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:03.485410929 CEST	18896	49734	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:03.485435963 CEST	49734	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:03.485441923 CEST	18896	49734	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:03.485466003 CEST	49734	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:03.485488892 CEST	49734	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:03.485793114 CEST	49734	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:03.485824108 CEST	49734	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:03.490681887 CEST	18896	49734	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:03.490847111 CEST	49734	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:03.590002060 CEST	49735	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:03.597713947 CEST	18896	49735	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:03.598005056 CEST	49735	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:03.598409891 CEST	49735	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:03.603588104 CEST	18896	49735	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:03.603647947 CEST	18896	49735	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:04.490174055 CEST	18896	49735	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:04.490361929 CEST	49735	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:04.747421026 CEST	18896	49735	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:04.747607946 CEST	49735	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:04.747988939 CEST	49735	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:04.748797894 CEST	49735	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:04.753650904 CEST	18896	49735	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:04.754257917 CEST	18896	49735	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:05.275058985 CEST	18896	49735	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:05.275532961 CEST	49735	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:05.276047945 CEST	18896	49735	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:05.276321888 CEST	18896	49735	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:05.276340008 CEST	18896	49735	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:05.276381016 CEST	49735	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:05.276381969 CEST	49735	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:05.276381969 CEST	49735	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:05.278340101 CEST	18896	49735	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:05.278374910 CEST	18896	49735	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:05.278409958 CEST	49735	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:05.278455973 CEST	49735	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:05.278681040 CEST	49735	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:05.278681040 CEST	49735	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:05.280237913 CEST	18896	49735	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:05.280318022 CEST	49735	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:05.283550978 CEST	18896	49735	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:05.283734083 CEST	49735	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:05.355576038 CEST	49736	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:05.362015009 CEST	18896	49736	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:05.362227917 CEST	49736	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:05.362469912 CEST	49736	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:05.367749929 CEST	18896	49736	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:05.367794991 CEST	18896	49736	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:06.260690928 CEST	18896	49736	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:06.260907888 CEST	49736	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:06.514305115 CEST	18896	49736	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:06.514692068 CEST	49736	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:06.515091896 CEST	49736	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:06.515789986 CEST	49736	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:06.520387888 CEST	18896	49736	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:06.520920038 CEST	18896	49736	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:06.833543062 CEST	18896	49736	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:06.833719015 CEST	49736	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:06.834439039 CEST	18896	49736	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:06.834599972 CEST	49736	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:06.834677935 CEST	18896	49736	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:06.834717035 CEST	18896	49736	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:06.834732056 CEST	49736	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:06.834758997 CEST	49736	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:06.836739063 CEST	18896	49736	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:06.836772919 CEST	18896	49736	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:06.836788893 CEST	49736	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:06.836806059 CEST	18896	49736	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:06.836818933 CEST	49736	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:06.836848974 CEST	49736	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:06.837115049 CEST	49736	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:06.837131023 CEST	49736	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:06.838499069 CEST	18896	49736	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:06.838552952 CEST	49736	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:06.842427969 CEST	18896	49736	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:06.842617035 CEST	49736	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:06.933660984 CEST	49737	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:06.939187050 CEST	18896	49737	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:06.939280987 CEST	49737	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:06.939693928 CEST	49737	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:06.945090055 CEST	18896	49737	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:06.945126057 CEST	18896	49737	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:07.861638069 CEST	18896	49737	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:07.861821890 CEST	49737	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:08.129601955 CEST	18896	49737	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:08.129861116 CEST	49737	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:08.130279064 CEST	49737	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:08.131241083 CEST	49737	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:08.135519028 CEST	18896	49737	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:08.136403084 CEST	18896	49737	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:08.680515051 CEST	18896	49737	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:08.680943012 CEST	49737	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:08.681174994 CEST	18896	49737	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:08.681226015 CEST	18896	49737	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:08.681332111 CEST	49737	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:08.681333065 CEST	49737	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:08.683131933 CEST	18896	49737	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:08.683178902 CEST	18896	49737	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:08.683325052 CEST	49737	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:08.683325052 CEST	49737	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:08.683669090 CEST	49737	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:08.683669090 CEST	49737	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:08.685097933 CEST	18896	49737	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:08.685170889 CEST	49737	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:08.689460039 CEST	18896	49737	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:08.689634085 CEST	49737	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:08.730395079 CEST	49738	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:08.736789942 CEST	18896	49738	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:08.736998081 CEST	49738	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:08.737343073 CEST	49738	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:08.743351936 CEST	18896	49738	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:08.743731022 CEST	18896	49738	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:09.618680000 CEST	18896	49738	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:09.618910074 CEST	49738	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:09.872136116 CEST	18896	49738	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:09.872303963 CEST	49738	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:09.873076916 CEST	49738	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:09.875730038 CEST	49738	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:09.879280090 CEST	18896	49738	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:09.881886959 CEST	18896	49738	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:10.400273085 CEST	18896	49738	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:10.400501966 CEST	49738	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:10.400635958 CEST	18896	49738	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:10.400737047 CEST	49738	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:10.401803017 CEST	18896	49738	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:10.401839972 CEST	18896	49738	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:10.401901960 CEST	49738	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:10.401969910 CEST	49738	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:10.403937101 CEST	18896	49738	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:10.404031992 CEST	49738	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:10.404084921 CEST	18896	49738	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:10.404118061 CEST	18896	49738	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:10.404167891 CEST	49738	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:10.404263973 CEST	49738	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:10.404623032 CEST	49738	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:10.404660940 CEST	49738	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:10.405785084 CEST	18896	49738	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:10.405889988 CEST	49738	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:10.411309958 CEST	18896	49738	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:10.411461115 CEST	49738	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:10.496464968 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:10.502756119 CEST	18896	49739	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:10.502963066 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:10.503074884 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:10.508433104 CEST	18896	49739	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:10.508475065 CEST	18896	49739	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:11.386279106 CEST	18896	49739	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:11.386372089 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:11.651915073 CEST	18896	49739	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:11.652388096 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:11.652940035 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:11.654300928 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:11.658773899 CEST	18896	49739	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:11.660578966 CEST	18896	49739	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:12.179307938 CEST	18896	49739	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:12.179517031 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:12.179635048 CEST	18896	49739	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:12.179904938 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:12.180392027 CEST	18896	49739	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:12.180571079 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:12.180593967 CEST	18896	49739	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:12.180639029 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:12.181782961 CEST	18896	49739	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:12.181818008 CEST	18896	49739	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:12.181953907 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:12.181953907 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:12.184037924 CEST	18896	49739	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:12.184072018 CEST	18896	49739	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:12.184103012 CEST	18896	49739	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:12.184127092 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:12.184165001 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:12.184165001 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:12.186940908 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:12.186979055 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:12.192764997 CEST	18896	49739	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:12.192940950 CEST	49739	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:12.230722904 CEST	49740	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:12.236356020 CEST	18896	49740	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:12.236552954 CEST	49740	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:12.236879110 CEST	49740	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:12.242121935 CEST	18896	49740	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:12.242646933 CEST	18896	49740	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:13.166992903 CEST	18896	49740	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:13.167108059 CEST	49740	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:13.455677032 CEST	18896	49740	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:13.455753088 CEST	49740	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:13.456254959 CEST	49740	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:13.457642078 CEST	49740	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:13.462574959 CEST	18896	49740	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:13.462589025 CEST	18896	49740	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:13.796144962 CEST	18896	49740	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:13.796617031 CEST	18896	49740	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:13.796811104 CEST	49740	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:13.797096968 CEST	49740	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:13.797247887 CEST	18896	49740	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:13.797338009 CEST	49740	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:13.797605991 CEST	18896	49740	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:13.798651934 CEST	18896	49740	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:13.798667908 CEST	18896	49740	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:13.798702955 CEST	49740	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:13.798779964 CEST	49740	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:13.800924063 CEST	18896	49740	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:13.800940990 CEST	18896	49740	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:13.801224947 CEST	49740	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:13.801224947 CEST	49740	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:13.801282883 CEST	49740	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:13.806317091 CEST	18896	49740	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:13.806474924 CEST	49740	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:13.887036085 CEST	49742	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:13.895474911 CEST	18896	49742	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:13.896083117 CEST	49742	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:13.896083117 CEST	49742	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:13.901490927 CEST	18896	49742	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:13.902781963 CEST	18896	49742	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:14.997071981 CEST	18896	49742	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:14.997292042 CEST	49742	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:15.258481026 CEST	18896	49742	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:15.259628057 CEST	49742	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:15.259769917 CEST	49742	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:15.265047073 CEST	18896	49742	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:15.365665913 CEST	49742	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:15.371835947 CEST	18896	49742	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:15.783660889 CEST	18896	49742	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:15.784363985 CEST	18896	49742	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:15.784585953 CEST	49742	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:15.784976006 CEST	18896	49742	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:15.785023928 CEST	18896	49742	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:15.785154104 CEST	49742	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:15.785154104 CEST	49742	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:15.787096024 CEST	18896	49742	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:15.787142038 CEST	18896	49742	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:15.787283897 CEST	49742	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:15.787283897 CEST	49742	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:15.787370920 CEST	49742	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:15.787372112 CEST	49742	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:15.788702011 CEST	18896	49742	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:15.788772106 CEST	49742	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:15.792759895 CEST	18896	49742	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:15.793088913 CEST	49742	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:15.824242115 CEST	49746	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:15.829716921 CEST	18896	49746	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:15.833220005 CEST	49746	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:15.833308935 CEST	49746	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:15.840042114 CEST	18896	49746	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:15.840085030 CEST	18896	49746	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:16.727749109 CEST	18896	49746	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:16.727840900 CEST	49746	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:16.981503963 CEST	18896	49746	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:16.981709003 CEST	49746	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:16.982023001 CEST	49746	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:16.988532066 CEST	18896	49746	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:17.051904917 CEST	49746	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:17.287476063 CEST	18896	49746	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:17.592719078 CEST	18896	49746	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:17.592943907 CEST	49746	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:17.593229055 CEST	18896	49746	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:17.593277931 CEST	18896	49746	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:17.593389988 CEST	49746	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:17.593389988 CEST	49746	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:17.594090939 CEST	18896	49746	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:17.594136953 CEST	18896	49746	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:17.594156981 CEST	49746	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:17.594193935 CEST	49746	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:17.595151901 CEST	18896	49746	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:17.595181942 CEST	18896	49746	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:17.595205069 CEST	49746	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:17.595211029 CEST	18896	49746	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:17.595217943 CEST	49746	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:17.595271111 CEST	49746	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:17.595395088 CEST	49746	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:17.595410109 CEST	49746	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:17.600442886 CEST	18896	49746	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:17.600549936 CEST	49746	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:17.683789968 CEST	49749	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:17.690279007 CEST	18896	49749	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:17.691138983 CEST	49749	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:17.691447020 CEST	49749	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:17.698509932 CEST	18896	49749	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:17.699496984 CEST	18896	49749	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:18.561162949 CEST	18896	49749	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:18.561264038 CEST	49749	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:18.841276884 CEST	18896	49749	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:18.841378927 CEST	49749	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:18.841684103 CEST	49749	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:18.845999002 CEST	49749	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:18.850244045 CEST	18896	49749	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:18.878895044 CEST	18896	49749	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:19.369205952 CEST	18896	49749	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:19.369262934 CEST	18896	49749	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:19.369581938 CEST	49749	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:19.370193958 CEST	18896	49749	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:19.370246887 CEST	18896	49749	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:19.370428085 CEST	49749	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:19.370428085 CEST	49749	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:19.371431112 CEST	18896	49749	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:19.371494055 CEST	49749	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:19.371618986 CEST	18896	49749	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:19.371649981 CEST	18896	49749	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:19.371668100 CEST	49749	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:19.371680975 CEST	18896	49749	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:19.371691942 CEST	49749	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:19.371726990 CEST	49749	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:19.371855974 CEST	49749	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:19.371872902 CEST	49749	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:19.376804113 CEST	18896	49749	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:19.376866102 CEST	49749	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:19.449170113 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:19.459949970 CEST	18896	54110	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:19.460037947 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:19.460387945 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:19.466135025 CEST	18896	54110	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:19.466171980 CEST	18896	54110	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:20.420795918 CEST	18896	54110	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:20.420902967 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:20.690943003 CEST	18896	54110	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:20.691092014 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:20.691330910 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:20.692308903 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:20.696677923 CEST	18896	54110	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:20.698925972 CEST	18896	54110	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:21.260644913 CEST	18896	54110	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:21.260878086 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:21.260881901 CEST	18896	54110	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:21.260965109 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:21.261384010 CEST	18896	54110	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:21.261416912 CEST	18896	54110	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:21.261446953 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:21.261487961 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:21.262412071 CEST	18896	54110	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:21.262440920 CEST	18896	54110	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:21.262479067 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:21.262480021 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:21.263185024 CEST	18896	54110	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:21.263236046 CEST	18896	54110	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:21.263247967 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:21.263267040 CEST	18896	54110	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:21.263309002 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:21.263333082 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:21.263484955 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:21.263514996 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:21.268331051 CEST	18896	54110	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:21.268399954 CEST	54110	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:21.324193954 CEST	54111	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:21.329366922 CEST	18896	54111	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:21.329556942 CEST	54111	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:21.329713106 CEST	54111	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:21.334769964 CEST	18896	54111	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:21.334852934 CEST	18896	54111	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:22.206435919 CEST	18896	54111	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:22.206748962 CEST	54111	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:22.462975025 CEST	18896	54111	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:22.465102911 CEST	54111	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:22.465460062 CEST	54111	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:22.466350079 CEST	54111	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:22.471651077 CEST	18896	54111	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:22.472263098 CEST	18896	54111	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:22.807826042 CEST	18896	54111	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:22.808096886 CEST	54111	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:22.808326960 CEST	18896	54111	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:22.808377981 CEST	18896	54111	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:22.808554888 CEST	54111	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:22.808554888 CEST	54111	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:22.809278011 CEST	18896	54111	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:22.809323072 CEST	18896	54111	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:22.809343100 CEST	54111	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:22.809380054 CEST	54111	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:22.809591055 CEST	54111	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:22.809622049 CEST	54111	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:22.810836077 CEST	18896	54111	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:22.810902119 CEST	54111	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:22.822249889 CEST	18896	54111	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:22.822328091 CEST	54111	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:22.886584044 CEST	54112	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:22.892241001 CEST	18896	54112	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:22.892441034 CEST	54112	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:22.892777920 CEST	54112	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:22.897957087 CEST	18896	54112	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:22.898787022 CEST	18896	54112	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:23.799838066 CEST	18896	54112	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:23.799901009 CEST	54112	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:24.062668085 CEST	18896	54112	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:24.062854052 CEST	54112	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:24.063282013 CEST	54112	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:24.064727068 CEST	54112	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:24.068315983 CEST	18896	54112	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:24.069711924 CEST	18896	54112	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:24.592570066 CEST	18896	54112	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:24.592672110 CEST	54112	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:24.593030930 CEST	18896	54112	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:24.593117952 CEST	54112	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:24.593687057 CEST	18896	54112	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:24.593739033 CEST	18896	54112	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:24.593754053 CEST	54112	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:24.593799114 CEST	54112	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:24.594760895 CEST	18896	54112	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:24.594815969 CEST	18896	54112	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:24.594825983 CEST	54112	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:24.594865084 CEST	54112	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:24.595199108 CEST	54112	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:24.595210075 CEST	54112	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:24.595799923 CEST	18896	54112	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:24.595859051 CEST	54112	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:24.600035906 CEST	18896	54112	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:24.600101948 CEST	54112	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:24.683800936 CEST	54113	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:24.688987017 CEST	18896	54113	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:24.689081907 CEST	54113	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:24.689505100 CEST	54113	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:24.694513083 CEST	18896	54113	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:24.695633888 CEST	18896	54113	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:25.626885891 CEST	18896	54113	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:25.627006054 CEST	54113	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:25.908597946 CEST	18896	54113	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:25.908792973 CEST	54113	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:25.908967972 CEST	54113	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:25.909893990 CEST	54113	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:25.913840055 CEST	18896	54113	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:25.914794922 CEST	18896	54113	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:26.278835058 CEST	18896	54113	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:26.279031992 CEST	54113	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:26.279406071 CEST	18896	54113	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:26.279469967 CEST	54113	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:26.279987097 CEST	18896	54113	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:26.280025005 CEST	18896	54113	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:26.280040026 CEST	54113	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:26.280069113 CEST	54113	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:26.281207085 CEST	18896	54113	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:26.281301022 CEST	54113	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:26.281593084 CEST	18896	54113	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:26.281646013 CEST	54113	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:26.282299042 CEST	18896	54113	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:26.282331944 CEST	18896	54113	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:26.282361984 CEST	54113	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:26.282378912 CEST	54113	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:26.282504082 CEST	54113	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:26.282522917 CEST	54113	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:26.287343025 CEST	18896	54113	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:26.287421942 CEST	54113	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:26.355420113 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:26.362092018 CEST	18896	54114	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:26.362179041 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:26.362549067 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:26.368330002 CEST	18896	54114	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:26.368360996 CEST	18896	54114	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:27.277189016 CEST	18896	54114	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:27.277267933 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:27.562107086 CEST	18896	54114	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:27.562197924 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:27.562599897 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:27.564040899 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:27.567744970 CEST	18896	54114	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:27.569000006 CEST	18896	54114	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:28.132453918 CEST	18896	54114	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:28.132575989 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:28.132682085 CEST	18896	54114	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:28.132752895 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:28.132996082 CEST	18896	54114	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:28.133059978 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:28.133194923 CEST	18896	54114	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:28.133260965 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:28.133970976 CEST	18896	54114	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:28.134006023 CEST	18896	54114	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:28.134042025 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:28.134082079 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:28.135566950 CEST	18896	54114	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:28.135600090 CEST	18896	54114	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:28.135627985 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:28.135632038 CEST	18896	54114	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:28.135652065 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:28.135689020 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:28.135895014 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:28.135965109 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:28.140714884 CEST	18896	54114	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:28.140789032 CEST	54114	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:28.199234009 CEST	54115	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:28.204684019 CEST	18896	54115	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:28.204905033 CEST	54115	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:28.205141068 CEST	54115	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:28.210123062 CEST	18896	54115	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:28.215842009 CEST	18896	54115	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:29.124958038 CEST	18896	54115	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:29.125382900 CEST	54115	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:29.386908054 CEST	18896	54115	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:29.387222052 CEST	54115	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:29.395674944 CEST	54115	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:29.396642923 CEST	54115	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:29.400644064 CEST	18896	54115	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:29.401525974 CEST	18896	54115	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:29.920948982 CEST	18896	54115	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:29.921174049 CEST	54115	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:29.921561003 CEST	18896	54115	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:29.921664000 CEST	54115	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:29.923851967 CEST	18896	54115	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:29.923903942 CEST	18896	54115	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:29.923912048 CEST	54115	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:29.923947096 CEST	54115	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:29.928669930 CEST	18896	54115	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:29.928809881 CEST	54115	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:29.930033922 CEST	18896	54115	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:29.930068016 CEST	18896	54115	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:29.930085897 CEST	54115	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:29.930099964 CEST	18896	54115	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:29.930111885 CEST	54115	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:29.930145025 CEST	54115	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:29.930282116 CEST	54115	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:29.930304050 CEST	54115	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:29.935208082 CEST	18896	54115	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:29.935280085 CEST	54115	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:29.980396032 CEST	54116	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:29.986390114 CEST	18896	54116	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:29.986475945 CEST	54116	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:29.986711025 CEST	54116	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:29.992345095 CEST	18896	54116	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:29.992877960 CEST	18896	54116	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:30.906290054 CEST	18896	54116	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:30.906559944 CEST	54116	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:31.188472986 CEST	18896	54116	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:31.188810110 CEST	54116	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:31.189107895 CEST	54116	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:31.190511942 CEST	54116	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:31.194236040 CEST	18896	54116	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:31.195612907 CEST	18896	54116	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:31.770546913 CEST	18896	54116	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:31.770683050 CEST	54116	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:31.771034956 CEST	18896	54116	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:31.771120071 CEST	54116	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:31.772886038 CEST	18896	54116	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:31.772922993 CEST	18896	54116	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:31.772970915 CEST	54116	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:31.773004055 CEST	54116	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:31.776469946 CEST	18896	54116	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:31.776576042 CEST	54116	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:31.777195930 CEST	54116	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:31.777196884 CEST	54116	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:31.808505058 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:32.084419012 CEST	18896	54116	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:32.084558010 CEST	54116	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:32.084647894 CEST	18896	54116	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:32.084865093 CEST	54116	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:32.085549116 CEST	18896	54116	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:32.085716963 CEST	54116	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:32.088421106 CEST	18896	54116	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:32.088515043 CEST	54116	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:32.088771105 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:32.088856936 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:32.089344978 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:32.094270945 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:32.094322920 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:33.749581099 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:33.749634981 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:33.749676943 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:33.749682903 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:33.749720097 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:33.749881983 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:33.750118971 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:33.750844002 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:33.750900984 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:33.751058102 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:33.755242109 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:33.755296946 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:33.756181955 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:33.756272078 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:34.064558029 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:34.064615965 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:34.064646006 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:34.064677954 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:34.065246105 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:34.065279961 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:34.065296888 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:34.065320015 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:34.067436934 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:34.067476034 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:34.067492962 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:34.067506075 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:34.067517042 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:34.067538023 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:34.067550898 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:34.067585945 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:34.067763090 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:34.067796946 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:34.072691917 CEST	18896	54117	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:34.072756052 CEST	54117	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:34.121105909 CEST	54118	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:34.126218081 CEST	18896	54118	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:34.126389980 CEST	54118	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:34.126627922 CEST	54118	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:34.131508112 CEST	18896	54118	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:34.131652117 CEST	18896	54118	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:34.997776985 CEST	18896	54118	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:34.997854948 CEST	54118	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:35.262253046 CEST	18896	54118	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:35.262648106 CEST	54118	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:35.262819052 CEST	54118	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:35.263686895 CEST	54118	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:35.268760920 CEST	18896	54118	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:35.268810034 CEST	18896	54118	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:35.574299097 CEST	18896	54118	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:35.574348927 CEST	18896	54118	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:35.574502945 CEST	54118	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:35.574503899 CEST	54118	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:35.575278044 CEST	18896	54118	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:35.575308084 CEST	18896	54118	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:35.575329065 CEST	54118	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:35.575339079 CEST	18896	54118	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:35.575347900 CEST	54118	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:35.575376987 CEST	54118	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:35.577466965 CEST	18896	54118	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:35.577501059 CEST	18896	54118	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:35.577529907 CEST	54118	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:35.577532053 CEST	18896	54118	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:35.577542067 CEST	54118	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:35.577567101 CEST	18896	54118	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:35.577583075 CEST	54118	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:35.577614069 CEST	54118	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:35.592741013 CEST	54118	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:35.598455906 CEST	18896	54118	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:35.606161118 CEST	54119	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:35.611177921 CEST	18896	54119	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:35.611383915 CEST	54119	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:35.611808062 CEST	54119	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:35.616884947 CEST	18896	54119	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:35.616914034 CEST	18896	54119	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:36.482371092 CEST	18896	54119	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:36.482496023 CEST	54119	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:36.743258953 CEST	18896	54119	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:36.743755102 CEST	54119	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:36.743849993 CEST	54119	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:36.744784117 CEST	54119	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:36.748764992 CEST	18896	54119	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:36.750250101 CEST	18896	54119	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:37.267932892 CEST	18896	54119	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:37.268023968 CEST	54119	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:37.268189907 CEST	18896	54119	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:37.268254042 CEST	54119	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:37.268688917 CEST	18896	54119	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:37.268727064 CEST	18896	54119	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:37.268759012 CEST	54119	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:37.268795013 CEST	54119	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:37.270733118 CEST	18896	54119	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:37.270806074 CEST	54119	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:37.271208048 CEST	18896	54119	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:37.271267891 CEST	54119	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:37.272185087 CEST	18896	54119	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:37.272217035 CEST	18896	54119	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:37.272249937 CEST	54119	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:37.272290945 CEST	54119	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:37.272438049 CEST	54119	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:37.272470951 CEST	54119	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:37.277818918 CEST	18896	54119	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:37.277884007 CEST	54119	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:37.308685064 CEST	54120	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:37.316337109 CEST	18896	54120	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:37.316425085 CEST	54120	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:37.316662073 CEST	54120	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:37.326152086 CEST	18896	54120	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:37.326193094 CEST	18896	54120	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:38.224622965 CEST	18896	54120	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:38.225056887 CEST	54120	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:38.491883993 CEST	18896	54120	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:38.491971016 CEST	54120	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:38.492352962 CEST	54120	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:38.493837118 CEST	54120	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:38.500770092 CEST	18896	54120	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:38.500802040 CEST	18896	54120	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:39.038589954 CEST	18896	54120	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:39.038661003 CEST	54120	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:39.038681030 CEST	18896	54120	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:39.038727999 CEST	54120	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:39.039544106 CEST	18896	54120	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:39.039581060 CEST	18896	54120	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:39.039593935 CEST	54120	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:39.039623976 CEST	54120	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:39.041492939 CEST	18896	54120	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:39.041527987 CEST	18896	54120	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:39.041554928 CEST	54120	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:39.041562080 CEST	18896	54120	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:39.041574001 CEST	54120	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:39.041595936 CEST	18896	54120	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:39.041608095 CEST	54120	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:39.041644096 CEST	54120	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:39.043214083 CEST	54120	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:39.043236017 CEST	54120	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:39.049058914 CEST	18896	54120	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:39.049119949 CEST	54120	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:39.074954987 CEST	54121	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:39.081643105 CEST	18896	54121	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:39.081720114 CEST	54121	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:39.084274054 CEST	54121	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:39.090578079 CEST	18896	54121	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:39.091917038 CEST	18896	54121	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:39.974785089 CEST	18896	54121	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:39.974891901 CEST	54121	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:40.231564999 CEST	18896	54121	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:40.231652021 CEST	54121	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:40.234028101 CEST	54121	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:40.235496044 CEST	54121	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:40.239696980 CEST	18896	54121	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:40.241539955 CEST	18896	54121	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:40.761080027 CEST	18896	54121	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:40.761174917 CEST	54121	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:40.761188030 CEST	18896	54121	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:40.761246920 CEST	54121	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:40.762025118 CEST	18896	54121	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:40.762063980 CEST	18896	54121	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:40.762084961 CEST	54121	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:40.762109995 CEST	54121	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:40.763962984 CEST	18896	54121	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:40.764022112 CEST	54121	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:40.764870882 CEST	18896	54121	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:40.764902115 CEST	18896	54121	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:40.764930964 CEST	54121	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:40.764936924 CEST	18896	54121	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:40.764956951 CEST	54121	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:40.764997005 CEST	54121	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:40.794850111 CEST	54121	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:40.794850111 CEST	54121	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:40.799961090 CEST	18896	54121	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:40.800030947 CEST	54121	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:40.871133089 CEST	54122	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:40.876385927 CEST	18896	54122	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:40.876514912 CEST	54122	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:40.876734972 CEST	54122	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:40.881716013 CEST	18896	54122	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:40.881771088 CEST	18896	54122	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:41.806485891 CEST	18896	54122	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:41.806576967 CEST	54122	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:42.080801010 CEST	18896	54122	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:42.080878019 CEST	54122	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:42.081228971 CEST	54122	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:42.082164049 CEST	54122	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:42.086157084 CEST	18896	54122	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:42.087022066 CEST	18896	54122	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:42.650324106 CEST	18896	54122	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:42.650415897 CEST	54122	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:42.650748014 CEST	18896	54122	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:42.650810957 CEST	54122	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:42.651300907 CEST	18896	54122	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:42.651339054 CEST	18896	54122	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:42.651366949 CEST	54122	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:42.651397943 CEST	54122	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:42.653259993 CEST	18896	54122	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:42.653294086 CEST	18896	54122	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:42.653318882 CEST	54122	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:42.653346062 CEST	54122	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:42.653513908 CEST	54122	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:42.653548002 CEST	54122	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:42.654855967 CEST	18896	54122	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:42.654917002 CEST	54122	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:42.659574032 CEST	18896	54122	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:42.659636974 CEST	54122	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:42.747999907 CEST	54123	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:42.753582001 CEST	18896	54123	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:42.753681898 CEST	54123	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:42.753917933 CEST	54123	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:42.759458065 CEST	18896	54123	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:42.759896994 CEST	18896	54123	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:43.678659916 CEST	18896	54123	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:43.678725958 CEST	54123	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:43.921173096 CEST	18896	54123	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:43.921289921 CEST	54123	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:43.921601057 CEST	54123	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:43.922925949 CEST	54123	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:43.926400900 CEST	18896	54123	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:43.927758932 CEST	18896	54123	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:44.260536909 CEST	18896	54123	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:44.260636091 CEST	18896	54123	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:44.260849953 CEST	54123	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:44.260849953 CEST	54123	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:44.261626005 CEST	18896	54123	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:44.261678934 CEST	18896	54123	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:44.261682034 CEST	54123	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:44.261718988 CEST	54123	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:44.262769938 CEST	18896	54123	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:44.262808084 CEST	18896	54123	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:44.262815952 CEST	54123	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:44.262849092 CEST	54123	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:44.264664888 CEST	18896	54123	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:44.264700890 CEST	18896	54123	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:44.264722109 CEST	54123	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:44.264744997 CEST	54123	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:44.361495972 CEST	54123	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:44.367923975 CEST	18896	54123	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:44.386657000 CEST	54124	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:44.393074036 CEST	18896	54124	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:44.393163919 CEST	54124	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:44.393418074 CEST	54124	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:44.399749994 CEST	18896	54124	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:44.399779081 CEST	18896	54124	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:45.293391943 CEST	18896	54124	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:45.293591022 CEST	54124	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:45.546503067 CEST	18896	54124	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:45.546600103 CEST	54124	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:45.546938896 CEST	54124	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:45.548212051 CEST	54124	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:45.551964045 CEST	18896	54124	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:45.553107977 CEST	18896	54124	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:46.075520039 CEST	18896	54124	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:46.075639963 CEST	54124	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:46.076122046 CEST	18896	54124	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:46.076159000 CEST	18896	54124	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:46.076189995 CEST	54124	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:46.076226950 CEST	54124	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:46.077826023 CEST	18896	54124	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:46.077889919 CEST	54124	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:46.078599930 CEST	18896	54124	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:46.078659058 CEST	54124	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:46.079560041 CEST	18896	54124	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:46.079591990 CEST	18896	54124	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:46.079633951 CEST	54124	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:46.079665899 CEST	54124	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:46.079786062 CEST	54124	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:46.079817057 CEST	54124	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:46.084770918 CEST	18896	54124	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:46.084839106 CEST	54124	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:46.152247906 CEST	54125	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:46.161753893 CEST	18896	54125	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:46.161983967 CEST	54125	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:46.162389040 CEST	54125	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:46.167574883 CEST	18896	54125	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:46.169200897 CEST	18896	54125	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:47.085464954 CEST	18896	54125	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:47.085568905 CEST	54125	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:47.379115105 CEST	18896	54125	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:47.379199982 CEST	54125	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:47.408953905 CEST	54125	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:47.409995079 CEST	54125	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:47.414110899 CEST	18896	54125	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:47.415038109 CEST	18896	54125	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:47.981117010 CEST	18896	54125	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:47.981195927 CEST	54125	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:47.981527090 CEST	18896	54125	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:47.981586933 CEST	54125	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:47.982029915 CEST	18896	54125	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:47.982068062 CEST	18896	54125	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:47.982101917 CEST	54125	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:47.982125998 CEST	54125	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:47.983927965 CEST	18896	54125	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:47.983962059 CEST	18896	54125	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:47.983997107 CEST	18896	54125	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:47.984003067 CEST	54125	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:47.984031916 CEST	54125	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:47.984056950 CEST	54125	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:47.984196901 CEST	54125	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:47.984216928 CEST	54125	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:47.989027977 CEST	18896	54125	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:47.989089966 CEST	54125	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:48.058617115 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:48.065361023 CEST	18896	54126	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:48.065450907 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:48.065794945 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:48.071003914 CEST	18896	54126	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:48.071033955 CEST	18896	54126	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:48.957304001 CEST	18896	54126	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:48.957432985 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.216561079 CEST	18896	54126	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:49.216675043 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.216952085 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.217972994 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.222198963 CEST	18896	54126	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:49.222970963 CEST	18896	54126	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:49.767606974 CEST	18896	54126	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:49.767663002 CEST	18896	54126	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:49.767776966 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.767776966 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.768323898 CEST	18896	54126	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:49.768359900 CEST	18896	54126	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:49.768393040 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.768408060 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.773530960 CEST	18896	54126	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:49.773570061 CEST	18896	54126	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:49.773582935 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.773601055 CEST	18896	54126	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:49.773618937 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.773633957 CEST	18896	54126	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:49.773650885 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.773683071 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.773958921 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.773988962 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.774394989 CEST	18896	54126	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:49.774452925 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.779011011 CEST	18896	54126	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:49.779063940 CEST	54126	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.839797020 CEST	54127	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.845628023 CEST	18896	54127	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:49.845729113 CEST	54127	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.845988989 CEST	54127	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:49.852535009 CEST	18896	54127	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:49.852565050 CEST	18896	54127	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:50.744524956 CEST	18896	54127	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:50.744663954 CEST	54127	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:50.999389887 CEST	18896	54127	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:50.999476910 CEST	54127	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:50.999762058 CEST	54127	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:51.000930071 CEST	54127	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:51.005651951 CEST	18896	54127	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:51.006172895 CEST	18896	54127	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:51.532821894 CEST	18896	54127	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:51.532989025 CEST	18896	54127	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:51.533030987 CEST	54127	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:51.533123016 CEST	54127	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:51.533843994 CEST	18896	54127	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:51.533896923 CEST	18896	54127	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:51.534024954 CEST	54127	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:51.534024954 CEST	54127	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:51.535644054 CEST	18896	54127	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:51.535687923 CEST	18896	54127	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:51.535722017 CEST	18896	54127	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:51.535830021 CEST	54127	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:51.535830021 CEST	54127	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:51.535830021 CEST	54127	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:51.535923958 CEST	54127	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:51.535948038 CEST	54127	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:51.537240028 CEST	18896	54127	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:51.537318945 CEST	54127	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:51.544609070 CEST	18896	54127	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:51.544837952 CEST	54127	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:51.636797905 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:51.650979042 CEST	18896	54128	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:51.651158094 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:51.651433945 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:51.659250975 CEST	18896	54128	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:51.660073042 CEST	18896	54128	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:52.610285997 CEST	18896	54128	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:52.610403061 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:52.936578989 CEST	18896	54128	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:52.936670065 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:52.936964035 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:52.937921047 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:52.941829920 CEST	18896	54128	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:52.943193913 CEST	18896	54128	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:53.507486105 CEST	18896	54128	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:53.507628918 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:53.507859945 CEST	18896	54128	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:53.508007050 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:53.508594036 CEST	18896	54128	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:53.508624077 CEST	18896	54128	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:53.508677959 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:53.508677959 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:53.509766102 CEST	18896	54128	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:53.509798050 CEST	18896	54128	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:53.509860992 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:53.509860992 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:53.511172056 CEST	18896	54128	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:53.511200905 CEST	18896	54128	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:53.511234045 CEST	18896	54128	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:53.511284113 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:53.511284113 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:53.511284113 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:53.511666059 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:53.511666059 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:53.516618967 CEST	18896	54128	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:53.516689062 CEST	54128	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:53.542929888 CEST	54129	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:53.548038960 CEST	18896	54129	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:53.548135042 CEST	54129	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:53.555243969 CEST	54129	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:53.560360909 CEST	18896	54129	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:53.560628891 CEST	18896	54129	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:54.431075096 CEST	18896	54129	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:54.431402922 CEST	54129	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:54.698769093 CEST	18896	54129	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:54.698944092 CEST	54129	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:54.699141026 CEST	54129	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:54.700053930 CEST	54129	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:54.703939915 CEST	18896	54129	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:54.704960108 CEST	18896	54129	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:55.230695009 CEST	18896	54129	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:55.230777979 CEST	54129	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:55.231198072 CEST	18896	54129	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:55.231235981 CEST	18896	54129	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:55.231264114 CEST	54129	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:55.231288910 CEST	54129	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:55.233170033 CEST	18896	54129	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:55.233203888 CEST	18896	54129	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:55.233227968 CEST	54129	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:55.233236074 CEST	18896	54129	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:55.233263969 CEST	54129	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:55.233283043 CEST	54129	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:55.233423948 CEST	54129	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:55.233454943 CEST	54129	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:55.238399029 CEST	18896	54129	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:55.238466978 CEST	54129	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:55.262183905 CEST	54131	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:55.268588066 CEST	18896	54131	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:55.268671989 CEST	54131	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:55.268855095 CEST	54131	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:55.273794889 CEST	18896	54131	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:55.273968935 CEST	18896	54131	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:56.153120041 CEST	18896	54131	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:56.153193951 CEST	54131	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:56.415618896 CEST	18896	54131	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:56.415735006 CEST	54131	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:56.416027069 CEST	54131	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:56.417001963 CEST	54131	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:56.420876026 CEST	18896	54131	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:56.422065020 CEST	18896	54131	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:56.941175938 CEST	18896	54131	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:56.941260099 CEST	54131	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:56.942084074 CEST	18896	54131	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:56.942146063 CEST	54131	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:56.942662954 CEST	18896	54131	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:56.942699909 CEST	18896	54131	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:56.942747116 CEST	54131	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:56.942747116 CEST	54131	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:56.944899082 CEST	18896	54131	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:56.944935083 CEST	18896	54131	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:56.944969893 CEST	18896	54131	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:56.944982052 CEST	54131	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:56.944983006 CEST	54131	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:56.945004940 CEST	18896	54131	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:56.945059061 CEST	54131	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:56.945059061 CEST	54131	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:56.945207119 CEST	54131	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:56.945322990 CEST	54131	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:56.952771902 CEST	18896	54131	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:56.952838898 CEST	54131	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:57.059120893 CEST	54132	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:57.064673901 CEST	18896	54132	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:57.064870119 CEST	54132	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:57.064964056 CEST	54132	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:57.071363926 CEST	18896	54132	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:57.071964025 CEST	18896	54132	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:57.943062067 CEST	18896	54132	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:57.943155050 CEST	54132	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:58.197462082 CEST	18896	54132	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:58.197535038 CEST	54132	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:58.197837114 CEST	54132	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:58.198823929 CEST	54132	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:58.202641964 CEST	18896	54132	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:58.203619957 CEST	18896	54132	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:58.721102953 CEST	18896	54132	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:58.721203089 CEST	54132	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:58.721370935 CEST	18896	54132	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:58.721435070 CEST	54132	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:58.721757889 CEST	18896	54132	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:58.721772909 CEST	18896	54132	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:58.721796989 CEST	54132	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:58.721823931 CEST	54132	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:58.722580910 CEST	18896	54132	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:58.722594976 CEST	18896	54132	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:58.722615957 CEST	54132	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:58.722641945 CEST	54132	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:58.723299026 CEST	18896	54132	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:58.723311901 CEST	18896	54132	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:58.723325968 CEST	18896	54132	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:58.723350048 CEST	54132	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:58.723378897 CEST	54132	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:58.723556995 CEST	54132	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:58.723587036 CEST	54132	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:58.728379965 CEST	18896	54132	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:58.728439093 CEST	54132	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:58.809206009 CEST	54133	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:58.814094067 CEST	18896	54133	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:58.814193010 CEST	54133	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:58.814405918 CEST	54133	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:19:58.819232941 CEST	18896	54133	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:58.819340944 CEST	18896	54133	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:59.757186890 CEST	18896	54133	156.255.2.100	192.168.2.4
Jul 27, 2024 11:19:59.757282972 CEST	54133	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:00.036181927 CEST	18896	54133	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:00.036288023 CEST	54133	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:00.037905931 CEST	54133	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:00.038691044 CEST	54133	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:00.042805910 CEST	18896	54133	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:00.043507099 CEST	18896	54133	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:00.609507084 CEST	18896	54133	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:00.609596968 CEST	54133	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:00.609925985 CEST	18896	54133	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:00.609982967 CEST	54133	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:00.610196114 CEST	18896	54133	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:00.610209942 CEST	18896	54133	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:00.610245943 CEST	54133	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:00.610280991 CEST	54133	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:00.610970974 CEST	18896	54133	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:00.610986948 CEST	18896	54133	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:00.611022949 CEST	54133	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:00.611042976 CEST	54133	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:00.611743927 CEST	18896	54133	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:00.611757994 CEST	18896	54133	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:00.611771107 CEST	18896	54133	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:00.611798048 CEST	54133	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:00.611824036 CEST	54133	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:00.611999989 CEST	54133	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:00.612025976 CEST	54133	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:00.617017984 CEST	18896	54133	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:00.617192984 CEST	54133	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:00.684030056 CEST	54134	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:00.688895941 CEST	18896	54134	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:00.688996077 CEST	54134	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:00.689184904 CEST	54134	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:00.693993092 CEST	18896	54134	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:00.694050074 CEST	18896	54134	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:01.560328007 CEST	18896	54134	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:01.560400009 CEST	54134	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:01.822004080 CEST	18896	54134	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:01.822113037 CEST	54134	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:01.822515011 CEST	54134	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:01.824023962 CEST	54134	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:01.827275991 CEST	18896	54134	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:01.828840971 CEST	18896	54134	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:02.348680973 CEST	18896	54134	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:02.348783016 CEST	54134	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:02.348858118 CEST	18896	54134	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:02.348908901 CEST	54134	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:02.349169016 CEST	18896	54134	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:02.349205971 CEST	18896	54134	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:02.349217892 CEST	54134	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:02.349250078 CEST	54134	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:02.350359917 CEST	18896	54134	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:02.350394011 CEST	18896	54134	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:02.350409985 CEST	54134	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:02.350428104 CEST	18896	54134	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:02.350436926 CEST	54134	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:02.350459099 CEST	18896	54134	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:02.350472927 CEST	54134	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:02.350507021 CEST	54134	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:02.350788116 CEST	54134	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:02.350801945 CEST	54134	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:02.355604887 CEST	18896	54134	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:02.355674982 CEST	54134	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:02.449728012 CEST	54135	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:02.455543041 CEST	18896	54135	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:02.455727100 CEST	54135	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:02.455957890 CEST	54135	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:02.460942030 CEST	18896	54135	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:02.461175919 CEST	18896	54135	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:03.365267038 CEST	18896	54135	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:03.365369081 CEST	54135	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:03.640356064 CEST	18896	54135	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:03.640430927 CEST	54135	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:03.643102884 CEST	54135	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:03.643995047 CEST	54135	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:03.648014069 CEST	18896	54135	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:03.649063110 CEST	18896	54135	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:04.214092016 CEST	18896	54135	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:04.214171886 CEST	54135	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:04.215152979 CEST	18896	54135	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:04.215220928 CEST	54135	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:04.215369940 CEST	18896	54135	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:04.215390921 CEST	18896	54135	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:04.215415001 CEST	54135	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:04.215446949 CEST	54135	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:04.216447115 CEST	18896	54135	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:04.216515064 CEST	18896	54135	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:04.216553926 CEST	54135	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:04.216553926 CEST	54135	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:04.216586113 CEST	18896	54135	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:04.216629028 CEST	54135	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:04.217134953 CEST	54135	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:04.217160940 CEST	54135	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:04.222126007 CEST	18896	54135	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:04.222224951 CEST	54135	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:04.264935017 CEST	54136	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:04.270049095 CEST	18896	54136	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:04.270172119 CEST	54136	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:04.270718098 CEST	54136	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:04.275857925 CEST	18896	54136	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:04.275922060 CEST	18896	54136	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:05.140315056 CEST	18896	54136	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:05.140446901 CEST	54136	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:05.400412083 CEST	18896	54136	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:05.400540113 CEST	54136	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:05.401247025 CEST	54136	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:05.402798891 CEST	54136	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:05.406337023 CEST	18896	54136	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:05.407944918 CEST	18896	54136	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:05.934575081 CEST	18896	54136	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:05.934688091 CEST	54136	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:05.935348034 CEST	18896	54136	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:05.935400009 CEST	54136	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:05.935556889 CEST	18896	54136	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:05.935569048 CEST	18896	54136	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:05.935601950 CEST	54136	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:05.935638905 CEST	54136	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:05.936702967 CEST	18896	54136	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:05.936712027 CEST	18896	54136	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:05.936726093 CEST	18896	54136	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:05.936737061 CEST	18896	54136	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:05.936744928 CEST	54136	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:05.936815023 CEST	54136	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:05.937076092 CEST	54136	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:05.937109947 CEST	54136	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:05.941915035 CEST	18896	54136	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:05.941973925 CEST	54136	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:05.981442928 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:05.986376047 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:05.987797976 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:05.988145113 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:05.992949009 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:05.993038893 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:06.896380901 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:06.896509886 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:08.073259115 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:08.073405981 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:08.074115992 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:08.074119091 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:08.074179888 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:08.075074911 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:08.075134993 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:08.075591087 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:08.075674057 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:08.075736046 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:08.082999945 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:08.083081961 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.327655077 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.327737093 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.327758074 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.327814102 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.328098059 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.328150034 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.328161955 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.328197956 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.329335928 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.329385996 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.329397917 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.329431057 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.329432011 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.329473972 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.329474926 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.329524994 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.330213070 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.330270052 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.331321001 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.333424091 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.333497047 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.387605906 CEST	54138	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.617671967 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.617758036 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.618033886 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.618087053 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.618088007 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.618132114 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.619066954 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.619122982 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.620570898 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.620659113 CEST	18896	54138	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.620729923 CEST	54138	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.621665001 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.621714115 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.621721983 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.621754885 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.621841908 CEST	18896	54137	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.621887922 CEST	54137	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.633460045 CEST	54138	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:09.638390064 CEST	18896	54138	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:09.638433933 CEST	18896	54138	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:10.508805990 CEST	18896	54138	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:10.509031057 CEST	54138	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:10.780184984 CEST	18896	54138	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:10.780261040 CEST	54138	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:10.780797005 CEST	54138	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:10.782686949 CEST	54138	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:10.785666943 CEST	18896	54138	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:10.787575006 CEST	18896	54138	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:11.305179119 CEST	18896	54138	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:11.305277109 CEST	54138	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:11.305416107 CEST	18896	54138	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:11.305479050 CEST	54138	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:11.306077003 CEST	18896	54138	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:11.306129932 CEST	18896	54138	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:11.306133032 CEST	54138	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:11.306179047 CEST	54138	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:11.307205915 CEST	18896	54138	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:11.307255983 CEST	18896	54138	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:11.307260990 CEST	54138	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:11.307300091 CEST	54138	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:11.307307005 CEST	18896	54138	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:11.307360888 CEST	54138	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:11.307585001 CEST	54138	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:11.307615042 CEST	54138	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:11.308233023 CEST	18896	54138	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:11.308295012 CEST	54138	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:11.312376022 CEST	18896	54138	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:11.312436104 CEST	54138	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:11.340450048 CEST	54139	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:11.345745087 CEST	18896	54139	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:11.345952988 CEST	54139	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:11.346317053 CEST	54139	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:11.351382017 CEST	18896	54139	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:11.351699114 CEST	18896	54139	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:12.255754948 CEST	18896	54139	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:12.255861998 CEST	54139	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:12.530951023 CEST	18896	54139	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:12.531307936 CEST	54139	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:12.531527042 CEST	54139	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:12.532995939 CEST	54139	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:12.539124966 CEST	18896	54139	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:12.539190054 CEST	18896	54139	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:12.868705034 CEST	18896	54139	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:12.869044065 CEST	54139	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:12.869577885 CEST	18896	54139	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:12.869698048 CEST	18896	54139	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:12.869745016 CEST	18896	54139	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:12.869801044 CEST	54139	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:12.869801044 CEST	54139	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:12.869849920 CEST	54139	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:12.870476961 CEST	18896	54139	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:12.870549917 CEST	18896	54139	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:12.870583057 CEST	54139	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:12.870623112 CEST	54139	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:12.871685982 CEST	18896	54139	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:12.871737957 CEST	18896	54139	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:12.871778965 CEST	54139	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:12.871901989 CEST	54139	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:12.872539043 CEST	54139	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:12.872596025 CEST	54139	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:12.877468109 CEST	18896	54139	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:12.877583981 CEST	54139	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:12.919892073 CEST	54140	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:12.925209999 CEST	18896	54140	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:12.925357103 CEST	54140	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:12.925977945 CEST	54140	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:12.930845976 CEST	18896	54140	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:12.931102991 CEST	18896	54140	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:13.857263088 CEST	18896	54140	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:13.857348919 CEST	54140	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:14.131913900 CEST	18896	54140	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:14.132056952 CEST	54140	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:14.132453918 CEST	54140	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:14.133774042 CEST	54140	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:14.137873888 CEST	18896	54140	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:14.139410973 CEST	18896	54140	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:14.884054899 CEST	18896	54140	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:14.884124041 CEST	54140	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:14.884392023 CEST	18896	54140	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:14.884497881 CEST	54140	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:14.884772062 CEST	18896	54140	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:14.884818077 CEST	54140	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:14.884824038 CEST	18896	54140	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:14.884871960 CEST	54140	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:14.886044979 CEST	18896	54140	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:14.886096954 CEST	54140	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:14.886540890 CEST	18896	54140	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:14.886584997 CEST	18896	54140	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:14.886591911 CEST	54140	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:14.886629105 CEST	18896	54140	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:14.886630058 CEST	54140	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:14.886677980 CEST	54140	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:14.886848927 CEST	54140	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:14.886873007 CEST	54140	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:14.891669989 CEST	18896	54140	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:14.891733885 CEST	54140	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:14.965359926 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:14.970253944 CEST	18896	54141	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:14.970355988 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:14.970562935 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:14.975476980 CEST	18896	54141	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:14.975620031 CEST	18896	54141	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:15.871828079 CEST	18896	54141	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:15.871978045 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.125983953 CEST	18896	54141	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:16.126072884 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.127419949 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.131695032 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.132668972 CEST	18896	54141	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:16.137470961 CEST	18896	54141	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:16.655874014 CEST	18896	54141	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:16.655987024 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.656058073 CEST	18896	54141	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:16.656119108 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.656414986 CEST	18896	54141	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:16.656466961 CEST	18896	54141	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:16.656514883 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.656555891 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.657361984 CEST	18896	54141	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:16.657406092 CEST	18896	54141	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:16.657428026 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.657460928 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.658149004 CEST	18896	54141	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:16.658201933 CEST	18896	54141	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:16.658215046 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.658251047 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.658276081 CEST	18896	54141	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:16.658324003 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.658451080 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.658478022 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.663271904 CEST	18896	54141	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:16.663335085 CEST	54141	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.762389898 CEST	54142	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.768229008 CEST	18896	54142	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:16.768416882 CEST	54142	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.768646002 CEST	54142	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:16.773581028 CEST	18896	54142	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:16.773648977 CEST	18896	54142	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:17.637304068 CEST	18896	54142	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:17.637402058 CEST	54142	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:17.900667906 CEST	18896	54142	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:17.900779009 CEST	54142	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:17.912236929 CEST	54142	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:17.913753033 CEST	54142	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:17.917186022 CEST	18896	54142	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:17.919101954 CEST	18896	54142	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:18.438793898 CEST	18896	54142	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:18.438919067 CEST	54142	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:18.439461946 CEST	18896	54142	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:18.439543962 CEST	54142	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:18.439812899 CEST	18896	54142	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:18.439848900 CEST	18896	54142	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:18.439878941 CEST	54142	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:18.439908981 CEST	54142	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:18.441113949 CEST	18896	54142	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:18.441164970 CEST	54142	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:18.441515923 CEST	18896	54142	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:18.441545963 CEST	18896	54142	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:18.441569090 CEST	54142	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:18.441576958 CEST	18896	54142	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:18.441590071 CEST	54142	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:18.441634893 CEST	54142	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:18.443933010 CEST	54142	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:18.443964958 CEST	54142	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:18.448875904 CEST	18896	54142	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:18.448966980 CEST	54142	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:18.533399105 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:18.538386106 CEST	18896	54143	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:18.538476944 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:18.538667917 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:18.543750048 CEST	18896	54143	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:18.543795109 CEST	18896	54143	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:19.420789003 CEST	18896	54143	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:19.420866966 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:19.680810928 CEST	18896	54143	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:19.680926085 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:19.681324005 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:19.682651043 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:19.686187983 CEST	18896	54143	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:19.687557936 CEST	18896	54143	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:20.202759981 CEST	18896	54143	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:20.202830076 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:20.203321934 CEST	18896	54143	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:20.203380108 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:20.203499079 CEST	18896	54143	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:20.203546047 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:20.203641891 CEST	18896	54143	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:20.203701973 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:20.204394102 CEST	18896	54143	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:20.204430103 CEST	18896	54143	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:20.204444885 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:20.204476118 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:20.205292940 CEST	18896	54143	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:20.205322981 CEST	18896	54143	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:20.205348015 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:20.205353022 CEST	18896	54143	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:20.205368996 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:20.205399990 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:20.205512047 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:20.205527067 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:20.210571051 CEST	18896	54143	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:20.210623026 CEST	54143	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:20.246735096 CEST	54144	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:20.251748085 CEST	18896	54144	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:20.251821041 CEST	54144	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:20.252021074 CEST	54144	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:20.257246017 CEST	18896	54144	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:20.257276058 CEST	18896	54144	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:21.148730993 CEST	18896	54144	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:21.148919106 CEST	54144	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:21.406446934 CEST	18896	54144	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:21.408685923 CEST	54144	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:21.409111977 CEST	54144	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:21.410600901 CEST	54144	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:21.413989067 CEST	18896	54144	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:21.415730000 CEST	18896	54144	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:21.940679073 CEST	18896	54144	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:21.940756083 CEST	54144	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:21.941401005 CEST	18896	54144	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:21.941457033 CEST	54144	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:21.941728115 CEST	18896	54144	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:21.941746950 CEST	18896	54144	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:21.941781044 CEST	54144	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:21.941816092 CEST	54144	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:21.943156958 CEST	18896	54144	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:21.943172932 CEST	18896	54144	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:21.943206072 CEST	54144	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:21.943228006 CEST	54144	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:21.943451881 CEST	54144	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:21.943475008 CEST	54144	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:21.944189072 CEST	18896	54144	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:21.944241047 CEST	54144	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:21.948515892 CEST	18896	54144	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:21.948554993 CEST	54144	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:22.056750059 CEST	54145	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:22.062683105 CEST	18896	54145	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:22.062896013 CEST	54145	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:22.063587904 CEST	54145	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:22.068608046 CEST	18896	54145	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:22.068623066 CEST	18896	54145	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:22.979387999 CEST	18896	54145	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:22.981247902 CEST	54145	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:23.241662979 CEST	18896	54145	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:23.241976023 CEST	54145	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:23.242252111 CEST	54145	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:23.243252039 CEST	54145	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:23.247273922 CEST	18896	54145	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:23.248296976 CEST	18896	54145	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:23.790285110 CEST	18896	54145	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:23.790474892 CEST	54145	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:23.791088104 CEST	18896	54145	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:23.791126013 CEST	18896	54145	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:23.791173935 CEST	54145	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:23.791173935 CEST	54145	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:23.791754961 CEST	18896	54145	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:23.791789055 CEST	18896	54145	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:23.791815042 CEST	54145	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:23.791841030 CEST	54145	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:23.792005062 CEST	54145	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:23.792037964 CEST	54145	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:23.792644978 CEST	18896	54145	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:23.792715073 CEST	54145	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:23.796933889 CEST	18896	54145	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:23.796993017 CEST	54145	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:23.824914932 CEST	54146	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:23.830893040 CEST	18896	54146	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:23.830982924 CEST	54146	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:23.831227064 CEST	54146	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:23.836900949 CEST	18896	54146	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:23.836986065 CEST	18896	54146	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:24.743001938 CEST	18896	54146	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:24.743201971 CEST	54146	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:25.035375118 CEST	18896	54146	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:25.035768032 CEST	54146	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:25.036108971 CEST	54146	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:25.036804914 CEST	54146	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:25.042354107 CEST	18896	54146	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:25.043211937 CEST	18896	54146	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:25.602212906 CEST	18896	54146	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:25.602416992 CEST	54146	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:25.602547884 CEST	18896	54146	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:25.602740049 CEST	54146	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:25.602874041 CEST	18896	54146	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:25.603034019 CEST	54146	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:25.603590965 CEST	18896	54146	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:25.603627920 CEST	18896	54146	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:25.603754997 CEST	54146	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:25.603754997 CEST	54146	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:25.604634047 CEST	18896	54146	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:25.604664087 CEST	18896	54146	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:25.604688883 CEST	54146	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:25.604695082 CEST	18896	54146	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:25.604717016 CEST	54146	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:25.604741096 CEST	54146	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:25.604901075 CEST	54146	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:25.604933023 CEST	54146	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:25.609837055 CEST	18896	54146	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:25.609967947 CEST	54146	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:25.684473038 CEST	54147	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:25.690301895 CEST	18896	54147	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:25.690395117 CEST	54147	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:25.690633059 CEST	54147	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:25.695456028 CEST	18896	54147	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:25.695557117 CEST	18896	54147	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:26.606302977 CEST	18896	54147	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:26.606496096 CEST	54147	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:26.859474897 CEST	18896	54147	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:26.859574080 CEST	54147	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:26.860002995 CEST	54147	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:26.861068010 CEST	54147	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:26.868119001 CEST	18896	54147	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:26.868741989 CEST	18896	54147	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:27.389775038 CEST	18896	54147	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:27.389971972 CEST	54147	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:27.390784025 CEST	18896	54147	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:27.390834093 CEST	18896	54147	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:27.390851974 CEST	54147	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:27.390875101 CEST	18896	54147	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:27.390882015 CEST	54147	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:27.390919924 CEST	54147	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:27.392066002 CEST	18896	54147	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:27.392117977 CEST	18896	54147	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:27.392126083 CEST	54147	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:27.392158031 CEST	18896	54147	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:27.392172098 CEST	54147	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:27.392194986 CEST	18896	54147	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:27.392208099 CEST	54147	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:27.392245054 CEST	54147	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:27.392390013 CEST	54147	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:27.392409086 CEST	54147	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:27.399542093 CEST	18896	54147	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:27.399622917 CEST	54147	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:27.481311083 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:27.486651897 CEST	18896	54148	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:27.486860991 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:27.486985922 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:27.493243933 CEST	18896	54148	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:27.495475054 CEST	18896	54148	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:29.149437904 CEST	18896	54148	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:29.149482012 CEST	18896	54148	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:29.149775982 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.149775982 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.150310993 CEST	18896	54148	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:29.150494099 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.150554895 CEST	18896	54148	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:29.150612116 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.150784969 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.151686907 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.156656027 CEST	18896	54148	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:29.156721115 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.157186985 CEST	18896	54148	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:29.157217026 CEST	18896	54148	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:29.463762045 CEST	18896	54148	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:29.463854074 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.464234114 CEST	18896	54148	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:29.464301109 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.464504957 CEST	18896	54148	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:29.464561939 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.464570045 CEST	18896	54148	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:29.464617014 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.465753078 CEST	18896	54148	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:29.465806007 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.466408014 CEST	18896	54148	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:29.466443062 CEST	18896	54148	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:29.466469049 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.466491938 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.466626883 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.466649055 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.472740889 CEST	18896	54148	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:29.472820044 CEST	54148	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.527822971 CEST	54149	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.533102036 CEST	18896	54149	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:29.533206940 CEST	54149	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.533420086 CEST	54149	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:29.538505077 CEST	18896	54149	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:29.538537025 CEST	18896	54149	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:30.429172993 CEST	18896	54149	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:30.429459095 CEST	54149	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:30.684943914 CEST	18896	54149	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:30.685024977 CEST	54149	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:30.685353994 CEST	54149	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:30.686285019 CEST	54149	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:30.690150023 CEST	18896	54149	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:30.691297054 CEST	18896	54149	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:31.210179090 CEST	18896	54149	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:31.210244894 CEST	54149	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:31.210427046 CEST	18896	54149	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:31.210473061 CEST	54149	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:31.210932016 CEST	18896	54149	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:31.210948944 CEST	18896	54149	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:31.210982084 CEST	54149	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:31.210999012 CEST	54149	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:31.212240934 CEST	18896	54149	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:31.212256908 CEST	18896	54149	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:31.212291002 CEST	54149	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:31.212306976 CEST	54149	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:31.213218927 CEST	18896	54149	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:31.213233948 CEST	18896	54149	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:31.213270903 CEST	54149	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:31.213287115 CEST	54149	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:31.213455915 CEST	54149	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:31.213478088 CEST	54149	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:31.218419075 CEST	18896	54149	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:31.218472004 CEST	54149	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:31.262240887 CEST	54150	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:31.267294884 CEST	18896	54150	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:31.267395973 CEST	54150	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:31.267643929 CEST	54150	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:31.272572041 CEST	18896	54150	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:31.272656918 CEST	18896	54150	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:32.175986052 CEST	18896	54150	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:32.176182985 CEST	54150	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:32.439661980 CEST	18896	54150	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:32.439735889 CEST	54150	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:32.440143108 CEST	54150	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:32.441566944 CEST	54150	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:32.445038080 CEST	18896	54150	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:32.446532011 CEST	18896	54150	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:32.972609043 CEST	18896	54150	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:32.972903967 CEST	54150	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:32.973185062 CEST	18896	54150	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:32.973347902 CEST	18896	54150	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:32.973385096 CEST	18896	54150	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:32.973479033 CEST	54150	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:32.973479033 CEST	54150	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:32.973479033 CEST	54150	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:32.974622011 CEST	18896	54150	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:32.974668026 CEST	18896	54150	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:32.974704027 CEST	18896	54150	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:32.974864960 CEST	54150	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:32.975007057 CEST	54150	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:32.975023031 CEST	54150	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:32.975613117 CEST	18896	54150	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:32.975676060 CEST	54150	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:32.980063915 CEST	18896	54150	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:32.980133057 CEST	54150	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:33.028008938 CEST	54151	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:33.033512115 CEST	18896	54151	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:33.033761024 CEST	54151	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:33.034014940 CEST	54151	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:33.039247036 CEST	18896	54151	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:33.039336920 CEST	18896	54151	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:33.925585985 CEST	18896	54151	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:33.925793886 CEST	54151	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:34.186491013 CEST	18896	54151	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:34.186683893 CEST	54151	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:34.186985970 CEST	54151	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:34.187854052 CEST	54151	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:34.192048073 CEST	18896	54151	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:34.192915916 CEST	18896	54151	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:34.713462114 CEST	18896	54151	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:34.713757038 CEST	18896	54151	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:34.713882923 CEST	54151	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:34.713884115 CEST	54151	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:34.714102983 CEST	18896	54151	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:34.714162111 CEST	54151	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:34.714798927 CEST	18896	54151	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:34.714817047 CEST	18896	54151	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:34.714853048 CEST	54151	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:34.714884996 CEST	54151	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:34.716098070 CEST	18896	54151	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:34.716114044 CEST	18896	54151	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:34.716170073 CEST	54151	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:34.716202021 CEST	54151	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:34.716389894 CEST	54151	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:34.716418028 CEST	54151	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:34.721689939 CEST	18896	54151	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:34.721762896 CEST	54151	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:34.824975967 CEST	54152	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:34.831471920 CEST	18896	54152	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:34.831582069 CEST	54152	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:34.831851006 CEST	54152	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:34.836991072 CEST	18896	54152	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:34.837006092 CEST	18896	54152	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:35.717107058 CEST	18896	54152	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:35.717281103 CEST	54152	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:35.981447935 CEST	18896	54152	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:35.981637955 CEST	54152	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:35.981842041 CEST	54152	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:35.982731104 CEST	54152	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:35.986742973 CEST	18896	54152	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:35.987565041 CEST	18896	54152	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:36.508450985 CEST	18896	54152	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:36.508651018 CEST	54152	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:36.509013891 CEST	18896	54152	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:36.509098053 CEST	54152	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:36.509239912 CEST	18896	54152	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:36.509251118 CEST	18896	54152	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:36.509304047 CEST	54152	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:36.510144949 CEST	18896	54152	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:36.510155916 CEST	18896	54152	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:36.510205984 CEST	54152	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:36.510967970 CEST	18896	54152	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:36.510979891 CEST	18896	54152	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:36.510987043 CEST	18896	54152	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:36.511027098 CEST	54152	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:36.511059999 CEST	54152	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:36.511296988 CEST	54152	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:36.511326075 CEST	54152	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:36.517621994 CEST	18896	54152	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:36.517699957 CEST	54152	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:36.575232983 CEST	54153	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:36.580540895 CEST	18896	54153	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:36.580635071 CEST	54153	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:36.580931902 CEST	54153	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:36.585941076 CEST	18896	54153	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:36.585952997 CEST	18896	54153	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:37.500272036 CEST	18896	54153	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:37.500418901 CEST	54153	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:37.775051117 CEST	18896	54153	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:37.775235891 CEST	54153	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:37.775502920 CEST	54153	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:37.776930094 CEST	54153	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:37.780236959 CEST	18896	54153	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:37.781730890 CEST	18896	54153	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:38.323190928 CEST	18896	54153	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:38.323364973 CEST	54153	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:38.323872089 CEST	18896	54153	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:38.324003935 CEST	18896	54153	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:38.324016094 CEST	18896	54153	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:38.324049950 CEST	54153	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:38.324132919 CEST	54153	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:38.324829102 CEST	18896	54153	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:38.324842930 CEST	18896	54153	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:38.324891090 CEST	54153	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:38.325742006 CEST	18896	54153	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:38.325752020 CEST	18896	54153	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:38.325759888 CEST	18896	54153	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:38.325799942 CEST	54153	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:38.325836897 CEST	54153	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:38.326045036 CEST	54153	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:38.326067924 CEST	54153	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:38.330957890 CEST	18896	54153	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:38.331032038 CEST	54153	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:38.371984005 CEST	54154	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:38.377266884 CEST	18896	54154	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:38.377351046 CEST	54154	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:38.377629042 CEST	54154	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:38.382931948 CEST	18896	54154	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:38.382946014 CEST	18896	54154	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:39.264364958 CEST	18896	54154	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:39.264692068 CEST	54154	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:39.535784960 CEST	18896	54154	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:39.535866022 CEST	54154	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:39.536256075 CEST	54154	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:39.537589073 CEST	54154	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:39.541613102 CEST	18896	54154	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:39.543052912 CEST	18896	54154	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:40.081778049 CEST	18896	54154	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:40.081958055 CEST	54154	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:40.083261967 CEST	18896	54154	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:40.083313942 CEST	54154	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:40.083636045 CEST	18896	54154	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:40.083650112 CEST	18896	54154	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:40.083683014 CEST	54154	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:40.083717108 CEST	54154	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:40.084960938 CEST	18896	54154	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:40.084974051 CEST	18896	54154	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:40.085036039 CEST	54154	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:40.085036039 CEST	54154	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:40.085973978 CEST	18896	54154	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:40.086025000 CEST	54154	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:40.086119890 CEST	54154	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:40.086714983 CEST	54154	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:40.090856075 CEST	18896	54154	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:40.090907097 CEST	54154	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:40.153498888 CEST	54155	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:40.158529043 CEST	18896	54155	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:40.158622026 CEST	54155	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:40.159063101 CEST	54155	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:40.164197922 CEST	18896	54155	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:40.164210081 CEST	18896	54155	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:41.027650118 CEST	18896	54155	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:41.027873993 CEST	54155	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:41.291574955 CEST	18896	54155	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:41.291907072 CEST	54155	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:41.292058945 CEST	54155	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:41.293915987 CEST	54155	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:41.296880007 CEST	18896	54155	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:41.298768997 CEST	18896	54155	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:41.823172092 CEST	18896	54155	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:41.823492050 CEST	54155	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:41.823724985 CEST	18896	54155	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:41.823738098 CEST	18896	54155	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:41.823796988 CEST	54155	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:41.825077057 CEST	18896	54155	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:41.825088978 CEST	18896	54155	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:41.825148106 CEST	54155	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:41.825404882 CEST	54155	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:41.825433016 CEST	54155	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:41.826407909 CEST	18896	54155	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:41.826478004 CEST	54155	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:41.830228090 CEST	18896	54155	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:41.830288887 CEST	54155	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:41.918706894 CEST	54156	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:41.924216986 CEST	18896	54156	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:41.924302101 CEST	54156	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:41.924547911 CEST	54156	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:41.929372072 CEST	18896	54156	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:41.929503918 CEST	18896	54156	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:42.801965952 CEST	18896	54156	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:42.802036047 CEST	54156	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:43.068706036 CEST	18896	54156	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:43.069058895 CEST	54156	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:43.069936037 CEST	54156	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:43.073118925 CEST	54156	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:43.076195955 CEST	18896	54156	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:43.078967094 CEST	18896	54156	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:43.597661018 CEST	18896	54156	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:43.597873926 CEST	54156	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:43.598063946 CEST	18896	54156	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:43.598232985 CEST	54156	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:43.598474979 CEST	18896	54156	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:43.598489046 CEST	18896	54156	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:43.598530054 CEST	54156	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:43.598558903 CEST	54156	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:43.599737883 CEST	18896	54156	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:43.599788904 CEST	54156	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:43.600126982 CEST	18896	54156	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:43.600138903 CEST	18896	54156	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:43.600147963 CEST	18896	54156	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:43.600179911 CEST	54156	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:43.600205898 CEST	54156	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:43.600449085 CEST	54156	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:43.600476980 CEST	54156	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:43.605309010 CEST	18896	54156	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:43.605484962 CEST	54156	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:43.704386950 CEST	54157	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:43.709460974 CEST	18896	54157	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:43.709553003 CEST	54157	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:43.709868908 CEST	54157	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:43.714729071 CEST	18896	54157	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:43.714775085 CEST	18896	54157	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:44.577327013 CEST	18896	54157	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:44.577524900 CEST	54157	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:44.838587046 CEST	18896	54157	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:44.838998079 CEST	54157	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:44.839272976 CEST	54157	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:44.841312885 CEST	54157	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:44.844206095 CEST	18896	54157	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:44.846157074 CEST	18896	54157	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:45.362021923 CEST	18896	54157	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:45.362330914 CEST	54157	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:45.362554073 CEST	18896	54157	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:45.362746000 CEST	54157	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:45.362941980 CEST	18896	54157	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:45.362957954 CEST	18896	54157	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:45.363128901 CEST	54157	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:45.363128901 CEST	54157	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:45.364095926 CEST	18896	54157	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:45.364108086 CEST	18896	54157	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:45.364116907 CEST	18896	54157	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:45.364160061 CEST	54157	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:45.364195108 CEST	54157	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:45.364432096 CEST	54157	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:45.364464045 CEST	54157	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:45.369879007 CEST	18896	54157	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:45.370068073 CEST	54157	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:45.434742928 CEST	54158	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:45.439682007 CEST	18896	54158	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:45.439825058 CEST	54158	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:45.440237999 CEST	54158	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:45.445166111 CEST	18896	54158	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:45.445255041 CEST	18896	54158	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:46.340013027 CEST	18896	54158	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:46.340315104 CEST	54158	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:46.595205069 CEST	18896	54158	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:46.595402002 CEST	54158	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:46.596031904 CEST	54158	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:46.599091053 CEST	54158	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:46.601941109 CEST	18896	54158	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:46.604990005 CEST	18896	54158	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:47.126055956 CEST	18896	54158	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:47.126306057 CEST	54158	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:47.127855062 CEST	18896	54158	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:47.127938986 CEST	54158	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:47.128110886 CEST	18896	54158	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:47.128128052 CEST	18896	54158	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:47.128168106 CEST	54158	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:47.128201008 CEST	54158	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:47.129122972 CEST	18896	54158	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:47.129137993 CEST	18896	54158	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:47.129153967 CEST	18896	54158	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:47.129168034 CEST	18896	54158	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:47.129192114 CEST	54158	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:47.129208088 CEST	54158	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:47.129235983 CEST	54158	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:47.129533052 CEST	54158	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:47.129547119 CEST	54158	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:47.136238098 CEST	18896	54158	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:47.136384010 CEST	54158	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:47.231482983 CEST	54159	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:47.238884926 CEST	18896	54159	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:47.238966942 CEST	54159	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:47.239321947 CEST	54159	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:47.247306108 CEST	18896	54159	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:47.248431921 CEST	18896	54159	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:48.147907019 CEST	18896	54159	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:48.148175955 CEST	54159	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:48.421094894 CEST	18896	54159	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:48.421155930 CEST	54159	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:48.421488047 CEST	54159	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:48.422286034 CEST	54159	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:48.426347971 CEST	18896	54159	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:48.427202940 CEST	18896	54159	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:48.988962889 CEST	18896	54159	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:48.988989115 CEST	18896	54159	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:48.989018917 CEST	54159	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:48.989041090 CEST	54159	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:48.989684105 CEST	18896	54159	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:48.989705086 CEST	18896	54159	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:48.989734888 CEST	54159	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:48.989747047 CEST	54159	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:48.991133928 CEST	18896	54159	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:48.991157055 CEST	18896	54159	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:48.991170883 CEST	18896	54159	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:48.991183996 CEST	54159	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:48.991184950 CEST	18896	54159	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:48.991183996 CEST	54159	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:48.991209030 CEST	54159	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:48.991219997 CEST	54159	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:48.991348982 CEST	54159	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:48.991358995 CEST	54159	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:48.996335983 CEST	18896	54159	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:48.996397972 CEST	54159	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:49.013230085 CEST	54160	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:49.018523932 CEST	18896	54160	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:49.018783092 CEST	54160	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:49.019335032 CEST	54160	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:49.024863958 CEST	18896	54160	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:49.024883032 CEST	18896	54160	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:49.900273085 CEST	18896	54160	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:49.900573969 CEST	54160	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:50.174017906 CEST	18896	54160	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:50.174185991 CEST	54160	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:50.174470901 CEST	54160	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:50.175288916 CEST	54160	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:50.182286024 CEST	18896	54160	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:50.182306051 CEST	18896	54160	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:50.712304115 CEST	18896	54160	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:50.712491035 CEST	54160	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:50.712637901 CEST	18896	54160	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:50.712786913 CEST	54160	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:50.713212967 CEST	18896	54160	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:50.713231087 CEST	18896	54160	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:50.713277102 CEST	54160	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:50.713277102 CEST	54160	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:50.714381933 CEST	18896	54160	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:50.714433908 CEST	54160	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:50.714642048 CEST	18896	54160	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:50.714673996 CEST	18896	54160	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:50.714690924 CEST	18896	54160	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:50.714694023 CEST	54160	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:50.714720011 CEST	54160	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:50.714770079 CEST	54160	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:50.714992046 CEST	54160	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:50.715023041 CEST	54160	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:50.720366955 CEST	18896	54160	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:50.720556974 CEST	54160	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:50.747172117 CEST	54161	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:50.752686977 CEST	18896	54161	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:50.752779961 CEST	54161	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:50.752994061 CEST	54161	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:50.760075092 CEST	18896	54161	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:50.761053085 CEST	18896	54161	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:51.641248941 CEST	18896	54161	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:51.641345978 CEST	54161	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:51.903542995 CEST	18896	54161	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:51.903652906 CEST	54161	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:51.904753923 CEST	54161	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:51.907661915 CEST	54161	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:51.909759998 CEST	18896	54161	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:51.912554026 CEST	18896	54161	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:52.433299065 CEST	18896	54161	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:52.433396101 CEST	54161	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:52.434195042 CEST	18896	54161	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:52.434263945 CEST	54161	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:52.434950113 CEST	18896	54161	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:52.434967041 CEST	18896	54161	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:52.435015917 CEST	54161	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:52.435050964 CEST	54161	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:52.435935974 CEST	18896	54161	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:52.435996056 CEST	54161	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:52.438267946 CEST	18896	54161	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:52.438330889 CEST	54161	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:52.439240932 CEST	18896	54161	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:52.439255953 CEST	18896	54161	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:52.439295053 CEST	54161	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:52.439331055 CEST	54161	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:52.439495087 CEST	54161	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:52.439526081 CEST	54161	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:52.444936037 CEST	18896	54161	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:52.445010900 CEST	54161	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:52.527930975 CEST	54162	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:52.534189939 CEST	18896	54162	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:52.534271955 CEST	54162	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:52.534497023 CEST	54162	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:52.545846939 CEST	18896	54162	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:52.545861959 CEST	18896	54162	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:53.424132109 CEST	18896	54162	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:53.424221039 CEST	54162	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:53.685586929 CEST	18896	54162	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:53.685682058 CEST	54162	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:53.686070919 CEST	54162	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:53.686885118 CEST	54162	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:53.691421032 CEST	18896	54162	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:53.692015886 CEST	18896	54162	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:54.212337017 CEST	18896	54162	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:54.212397099 CEST	18896	54162	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:54.212430954 CEST	18896	54162	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:54.212446928 CEST	18896	54162	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:54.212654114 CEST	54162	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:54.213867903 CEST	18896	54162	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:54.213885069 CEST	18896	54162	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:54.213898897 CEST	18896	54162	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:54.213938951 CEST	54162	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:54.213979959 CEST	54162	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:54.214230061 CEST	54162	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:54.214263916 CEST	54162	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:54.217118025 CEST	18896	54162	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:54.217185020 CEST	54162	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:54.219786882 CEST	18896	54162	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:54.219841957 CEST	54162	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:54.278060913 CEST	54163	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:54.283914089 CEST	18896	54163	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:54.284132004 CEST	54163	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:54.284224033 CEST	54163	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:54.292644024 CEST	18896	54163	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:54.292663097 CEST	18896	54163	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:55.218539000 CEST	18896	54163	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:55.218662024 CEST	54163	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:55.861087084 CEST	18896	54163	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:55.861392021 CEST	18896	54163	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:55.861403942 CEST	54163	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:55.861500025 CEST	54163	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:55.861586094 CEST	54163	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:55.862453938 CEST	54163	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:55.867202044 CEST	18896	54163	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:55.867645025 CEST	18896	54163	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:56.440850973 CEST	18896	54163	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:56.441078901 CEST	54163	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:56.441937923 CEST	18896	54163	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:56.442002058 CEST	54163	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:56.442523003 CEST	18896	54163	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:56.442539930 CEST	18896	54163	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:56.442575932 CEST	54163	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:56.442605019 CEST	54163	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:56.443967104 CEST	18896	54163	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:56.443993092 CEST	18896	54163	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:56.444008112 CEST	18896	54163	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:56.444025993 CEST	54163	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:56.444026947 CEST	54163	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:56.444063902 CEST	54163	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:56.444228888 CEST	54163	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:56.444259882 CEST	54163	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:56.456571102 CEST	18896	54163	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:56.456635952 CEST	54163	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:56.481735945 CEST	54164	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:56.486874104 CEST	18896	54164	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:56.486972094 CEST	54164	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:56.487169027 CEST	54164	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:56.492188931 CEST	18896	54164	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:56.492204905 CEST	18896	54164	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:57.398652077 CEST	18896	54164	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:57.401261091 CEST	54164	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:57.688029051 CEST	18896	54164	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:57.688131094 CEST	54164	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:57.688395023 CEST	54164	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:57.689189911 CEST	54164	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:57.693262100 CEST	18896	54164	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:57.694279909 CEST	18896	54164	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:58.253365993 CEST	18896	54164	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:58.253696918 CEST	18896	54164	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:58.253812075 CEST	54164	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:58.254082918 CEST	18896	54164	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:58.254096985 CEST	18896	54164	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:58.254239082 CEST	54164	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:58.255471945 CEST	18896	54164	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:58.255815029 CEST	18896	54164	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:58.255827904 CEST	18896	54164	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:58.255836964 CEST	18896	54164	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:58.255882978 CEST	54164	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:58.255919933 CEST	54164	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:58.256088018 CEST	54164	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:58.256119967 CEST	54164	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:58.260981083 CEST	18896	54164	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:58.261152029 CEST	54164	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:58.372477055 CEST	54165	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:58.379693985 CEST	18896	54165	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:58.381278992 CEST	54165	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:58.381371021 CEST	54165	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:58.386596918 CEST	18896	54165	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:58.386606932 CEST	18896	54165	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:59.301127911 CEST	18896	54165	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:59.301192045 CEST	54165	18896	192.168.2.4	156.255.2.100
Jul 27, 2024 11:20:59.580173969 CEST	18896	54165	156.255.2.100	192.168.2.4
Jul 27, 2024 11:20:59.580254078 CEST	54165	18896	192.168.2.4	156.255.2.100

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 27, 2024 11:19:18.354876041 CEST	53	60487	1.1.1.1	192.168.2.4

Target ID:	0
Start time:	05:18:53
Start date:	27/07/2024
Path:	C:\Users\user\Desktop\1x6jzcZeRu.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\1x6jzcZeRu.exe"
Imagebase:	0x60000
File size:	1'625'600 bytes
MD5 hash:	92FFD5A24BF3942FFA7AC182E4E0C171
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	Go lang
Yara matches:	Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000002.2888204760.000000C000180000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000002.2888204760.000000C000180000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.2888204760.000000C000180000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000002.2888204760.000000C000180000.00000004.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1642564620.0000014673FE0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike_4, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1642564620.0000014673FE0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000003.1642564620.0000014673FE0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_CobaltStrike_f0b627fc, Description: Rule for beacon reflective loader, Source: 00000000.00000003.1642564620.0000014673FE0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.2889323471.0000014674DC0000.00000020.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_CobaltStrike_b54b94ac, Description: Rule for beacon sleep obfuscation routine, Source: 00000000.00000002.2889323471.0000014674DC0000.00000020.00001000.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_CobaltStrike_3, Description: Yara detected CobaltStrike, Source: 00000000.00000002.2888862525.0000014674061000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_CobaltStrike_663fc95d, Description: Identifies CobaltStrike via unidentified function code, Source: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	05:18:53
Start date:	27/07/2024
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	1.9%
Dynamic/Decrypted Code Coverage:	17.1%
Signature Coverage:	16.9%
Total number of Nodes:	988
Total number of Limit Nodes:	91

Executed Functions

Function 0006C240 Relevance: 14.1, Strings: 11, Instructions: 384
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

end outside usable address spaceGCProg for type that isn't largeruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremo, xrefs: 0006C8DF
memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to pallocChunkBytesruntime: failed to create new , xrefs: 0006C9B2
, xrefs: 0006C8CF
out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbi, xrefs: 0006C5F6
arena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p , xrefs: 0006C607
, M [("")) ) @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4c, xrefs: 0006C965
out of memory allocating heap arena map/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span state after sweepruntime: blocked write on free polldescPowerRegisterSuspendResume, xrefs: 0006C618
base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-c, xrefs: 0006C8B1
) not in usable address space: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: , xrefs: 0006C985
region exceeds uintptr range/gc/heap/frees-by-size:bytes/gc/heap/tiny/allocs:objects/sched/goroutines:goroutinesgcBgMarkWorker: mode not setmspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: m, xrefs: 0006C887
out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning wit, xrefs: 0006C5E5

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: $) not in usable address space: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: $, M [("")) ) @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4c$arena already initialized to unused region of span bytes failed with errno=runtime: VirtualAlloc of /sched/gomaxprocs:threadsremaining pointer buffersslice bounds out of range_cgo_thread_start missingallgadd: bad status Gidleruntime: program exceeds startm: p $base outside usable address spaceruntime: memory allocated by OS [misrounded allocation in sysAllocconcurrent map read and map writeruntime: failed to decommit pages/cpu/classes/gc/pause:cpu-seconds/cpu/classes/gc/total:cpu-seconds/gc/limiter/last-enabled:gc-c$end outside usable address spaceGCProg for type that isn't largeruntime: failed to release pagesruntime: fixalloc size too largeinvalid limiter event type foundscanstack: goroutine not stoppedscavenger state is already wiredsweep increased allocation countremo$memory reservation exceeds address space limittried to park scavenger from another goroutinereleased less than one physical page of memory (bad use of unsafe.Pointer? try -d=checkptr)sysGrow bounds not aligned to pallocChunkBytesruntime: failed to create new $out of memory allocating allArenas/memory/classes/heap/objects:bytesruntime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning wit$out of memory allocating heap arena map/cpu/classes/gc/mark/assist:cpu-seconds/cpu/classes/scavenge/total:cpu-seconds/memory/classes/profiling/buckets:bytesmspan.sweep: bad span state after sweepruntime: blocked write on free polldescPowerRegisterSuspendResume$out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbi$region exceeds uintptr range/gc/heap/frees-by-size:bytes/gc/heap/tiny/allocs:objects/sched/goroutines:goroutinesgcBgMarkWorker: mode not setmspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: m
API String ID: 0-889582176
Opcode ID: 97d3fce880ca850c7f626a5cce70ded176eee10bcbb3abdc1d230bdb19ec2945
Instruction ID: c583ca458155b0ec0cac5462ea3d183e110963dc0962357712c3bd259227e353
Opcode Fuzzy Hash: 97d3fce880ca850c7f626a5cce70ded176eee10bcbb3abdc1d230bdb19ec2945
Instruction Fuzzy Hash: 4D029A72609B8482EBA08B52F4507EAB7A5F789B90F848226EFDD57795CF7CC584C700

Function 0006CDE0 Relevance: 8.0, Strings: 6, Instructions: 547COMMON

Download Yara Rule

Strings

malloc during signalclose of nil channelinconsistent lockedmnotetsleep not on g0bad system page size to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=, xrefs: 0006D676
mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= , xrefs: 0006D665
unexpected malloc header in delayed zeroing of large objectmanual span allocation called with non-manually-managed typeaddr range base and limit are not in the same memory segmentruntime: netpoll: PostQueuedCompletionStatus failed (errno= runtime: GetQueuedCom, xrefs: 0006D60C
malloc deadlockruntime error: with GC progscan missed a gmisaligned maskruntime: min = runtime: inUse=runtime: max = bad panic stackrecovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]morebuf={pc:: no , xrefs: 0006D687
!"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 0006D173
delayed zeroing on data that may contain pointerssweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: waiting for Gwaiting but is Grunnableruntime: unable to acquire - semaphore out of syncmallocgc calle, xrefs: 0006D61D

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC$delayed zeroing on data that may contain pointerssweeper left outstanding across sweep generationsfully empty unfreed span set block found in resetcasgstatus: waiting for Gwaiting but is Grunnableruntime: unable to acquire - semaphore out of syncmallocgc calle$malloc deadlockruntime error: with GC progscan missed a gmisaligned maskruntime: min = runtime: inUse=runtime: max = bad panic stackrecovery failedstopm holding pstartm: m has ppreempt SPWRITEmissing mcache?ms: gomaxprocs=randinit missed]morebuf={pc:: no $malloc during signalclose of nil channelinconsistent lockedmnotetsleep not on g0bad system page size to unallocated span/gc/scan/stack:bytes/gc/scan/total:bytes/gc/heap/frees:bytes/gc/gomemlimit:bytesp mcache not flushed markroot jobs donepacer: assist ratio=$mallocgc called without a P or outside bootstrappingruntime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= $unexpected malloc header in delayed zeroing of large objectmanual span allocation called with non-manually-managed typeaddr range base and limit are not in the same memory segmentruntime: netpoll: PostQueuedCompletionStatus failed (errno= runtime: GetQueuedCom
API String ID: 0-2179380626
Opcode ID: 82e46fe574dcd10cb637a15712edd5b5e70874ab61b033f389c810f8447b4183
Instruction ID: 285dd44deed0dae3fef3055a5fb24c471fb98c160b337ee9519002b3b3ce6b77
Opcode Fuzzy Hash: 82e46fe574dcd10cb637a15712edd5b5e70874ab61b033f389c810f8447b4183
Instruction Fuzzy Hash: 8B321272B08B90C2DB60CB15E4407AEBBA6F385B94F589116EE9D07B95CF79C984CB00

Function 00061AA0 Relevance: 8.0, Strings: 6, Instructions: 474
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

pclmulqdqcomplex64math/randtlsrsakexInheritedClassINETAuthorityuser32.dllLoadImageWSetCapturednsapi.dlldwmapi.dllws2_32.dllIsValidSidDnsQuery_WGetIfEntryCancelIoExCreatePipeGetVersionLocalAllocLockFileExOpenEventWOpenMutexWOpenThreadPulseEventResetEventWSAClea, xrefs: 00061B1F
sse41sse42ssse3int16int32int64uint8arraysliceGreekGetACPlistensendtosocketstringsysmontimersefenceselect, not object next= jobs= goid sweep B -> % util alloc free span= prev= list=, i = code= addr= m->p= p->m=SCHED curg= ctxt: min= max= (...) m=nil base , xrefs: 00061D28
avx512bwavx512vlgo/typesnet/httpgo/buildx509sha1ClassANYQuestionntdll.dllImm32.dllole32.dllpsapi.dllwinmm.dllFindCloseLocalFreeMoveFileWPurgeCommSetupCommWriteFileWSASendToprofBlockstackpoolhchanLeafwbufSpansmSpanDeadscavtraceinittracepanicwaitchan sendpreempt, xrefs: 000620F1
adxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=icmpigmpfilepipeermssse3avx2bmi1bmi2boolint8uintchanfuncntohsCall falsedefersweeptestRtestWe, xrefs: 00061AC6
avx512finvaliduintptrconsoleos/execruntime#internSetTimerEqualSidCancelIoReadFileSetEventAcceptExIsWindowWSAIoctlrecvfromshutdownno anodenil PoolscavengepollDesctraceBufdeadlockraceFinipanicnilcgocheckrunnable procid rax rbx rcx rdx rdi rsi, xrefs: 000620A4
rdtscppopcntuint16uint32uint64structcmd/goCommonheaderAnswerCopySidFreeSidSleepExWSARecvWSASendconnectfloat32float64forcegcallocmWcpuprofallocmRunknowngctraceIO waitrunningsyscallwaitingUNKNOWN:events, goid= s=nil (scan MB in pacer: % CPU ( zombie, j0 = head, xrefs: 00061B40

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: adxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=icmpigmpfilepipeermssse3avx2bmi1bmi2boolint8uintchanfuncntohsCall falsedefersweeptestRtestWe$avx512bwavx512vlgo/typesnet/httpgo/buildx509sha1ClassANYQuestionntdll.dllImm32.dllole32.dllpsapi.dllwinmm.dllFindCloseLocalFreeMoveFileWPurgeCommSetupCommWriteFileWSASendToprofBlockstackpoolhchanLeafwbufSpansmSpanDeadscavtraceinittracepanicwaitchan sendpreempt$avx512finvaliduintptrconsoleos/execruntime#internSetTimerEqualSidCancelIoReadFileSetEventAcceptExIsWindowWSAIoctlrecvfromshutdownno anodenil PoolscavengepollDesctraceBufdeadlockraceFinipanicnilcgocheckrunnable procid rax rbx rcx rdx rdi rsi$pclmulqdqcomplex64math/randtlsrsakexInheritedClassINETAuthorityuser32.dllLoadImageWSetCapturednsapi.dlldwmapi.dllws2_32.dllIsValidSidDnsQuery_WGetIfEntryCancelIoExCreatePipeGetVersionLocalAllocLockFileExOpenEventWOpenMutexWOpenThreadPulseEventResetEventWSAClea$rdtscppopcntuint16uint32uint64structcmd/goCommonheaderAnswerCopySidFreeSidSleepExWSARecvWSASendconnectfloat32float64forcegcallocmWcpuprofallocmRunknowngctraceIO waitrunningsyscallwaitingUNKNOWN:events, goid= s=nil (scan MB in pacer: % CPU ( zombie, j0 = head$sse41sse42ssse3int16int32int64uint8arraysliceGreekGetACPlistensendtosocketstringsysmontimersefenceselect, not object next= jobs= goid sweep B -> % util alloc free span= prev= list=, i = code= addr= m->p= p->m=SCHED curg= ctxt: min= max= (...) m=nil base
API String ID: 0-3277210184
Opcode ID: 89c69df342fb2d7d9c409129bb4c1ea8fc931ae4a076abbf0c837f8e4833189c
Instruction ID: 58d2e3b63f8f705824b755f54a4192c215ea772747c4bac67087680614e5c84e
Opcode Fuzzy Hash: 89c69df342fb2d7d9c409129bb4c1ea8fc931ae4a076abbf0c837f8e4833189c
Instruction Fuzzy Hash: 6D42BE7A504B84C5E711EF25F44979C3BA0F359B84F58822ADA9D8B362DF7AC4A9C340

Function 0000014674044E28 Relevance: 4.7, APIs: 3, Instructions: 190stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0000014674044FEC: malloc.LIBCMT ref: 0000014674045008

GetUserNameA.ADVAPI32(?,?,?,?,?,?,?,-00000001,?,-00000001,?,00000002,000001467403BC89), ref: 0000014674044EAF
strrchr.LIBCMT ref: 0000014674044EED
_snprintf.LIBCMT ref: 0000014674044F9B

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: NameUser_snprintfmallocstrrchr
String ID:
API String ID: 1238167203-0
Opcode ID: d69273eeb4579e6a96eb8d0c87a60564a21875d7210b55cf29d23a145d20b21e
Instruction ID: d734e064147d691fa4ec0711a33865249ddf51321d8c40731abab7398cba07cc
Opcode Fuzzy Hash: d69273eeb4579e6a96eb8d0c87a60564a21875d7210b55cf29d23a145d20b21e
Instruction Fuzzy Hash: 41517430718A080FFA58AB6C945ABB976D2EBDA319F10453DE59FC32A3D934D8428746

Function 000942C0 Relevance: 4.0, Strings: 3, Instructions: 273COMMON

Download Yara Rule

Strings

runtime.preemptM: duplicatehandle failedglobal runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsruntime: typeBitsBulkBarrier without type/memory/classes/metadata/mspan/free:bytesruntime.SetFinaliz, xrefs: 0009474F
self-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchmultipathtcpgotypesaliashttpmuxgo121randautoseedtlsunsafeekmRCodeSuccessRCodeRef, xrefs: 00094765
runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=invalid or incomplete multibyte or wide characterslice bounds out of range [::%x] with capacity %yinvalid memory address or nil pointer dereferencepanicwrap: unexpe, xrefs: 00094727

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: runtime.preemptM: duplicatehandle failed; errno=runtime: waitforsingleobject wait_failed; errno=invalid or incomplete multibyte or wide characterslice bounds out of range [::%x] with capacity %yinvalid memory address or nil pointer dereferencepanicwrap: unexpe$runtime.preemptM: duplicatehandle failedglobal runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsruntime: typeBitsBulkBarrier without type/memory/classes/metadata/mspan/free:bytesruntime.SetFinaliz$self-preempt [recovered]bad recoverybad g statusentersyscallwirep: p->m=) p->status=releasep: m= sysmonwait= preemptoff=cas64 failed m->gsignal=-byte limitruntime: sp=abi mismatchmultipathtcpgotypesaliashttpmuxgo121randautoseedtlsunsafeekmRCodeSuccessRCodeRef
API String ID: 0-1632531470
Opcode ID: a2a839f5ea614cc201eca06c6656386bdf50744c7cab59da56dfadbd3d40b0c2
Instruction ID: c50050de4c658d0bd3f2e1ae430d2861f7f77e159ad913c4b6b611287f2d8496
Opcode Fuzzy Hash: a2a839f5ea614cc201eca06c6656386bdf50744c7cab59da56dfadbd3d40b0c2
Instruction Fuzzy Hash: 6AC19036605F8086CB60DF25E8413AF7760F78ABA4F559236DAAC43795DF39C492CB40

Function 000920A0 Relevance: 2.6, Strings: 2, Instructions: 65COMMON

Download Yara Rule

Strings

PowerRegisterSuspendResumeNotification, xrefs: 00092109
powrprof.dll, xrefs: 000920B9

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: PowerRegisterSuspendResumeNotification$powrprof.dll
API String ID: 0-3247360486
Opcode ID: b720f6d9096ba4f41e30eb247110444019ab0636a7cb9309cd8bb434df56502a
Instruction ID: dd813b9a1ed17eb0dc809d73240afee66be6d84beb246841d2f940fbd3c20c78
Opcode Fuzzy Hash: b720f6d9096ba4f41e30eb247110444019ab0636a7cb9309cd8bb434df56502a
Instruction Fuzzy Hash: AF214636208B84C6DB00CB10F84539AB7A5F78AB80F988116EBCC47B69DF79C195CB40

Function 0000014674DC0000 Relevance: 1.7, APIs: 1, Instructions: 211COMMON

Download Yara Rule

APIs

SleepEx.KERNEL32 ref: 0000014674DC00D0

Memory Dump Source

Source File: 00000000.00000002.2889323471.0000014674DC0000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674DC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674dc0000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 88e8bec169d31fc803aeef05fed04f98ffb8ac2501b92b4af572ff67ccb03544
Instruction ID: b92cbf95742e7910446a519f89d5c8dc59b1c4bd6b2c86d8573e667cb8728e71
Opcode Fuzzy Hash: 88e8bec169d31fc803aeef05fed04f98ffb8ac2501b92b4af572ff67ccb03544
Instruction Fuzzy Hash: 3251DF30204A458FD71ECE5C84C9A35B7D5E79630EF16D7BED59ACB2ABC930D842CA81

Function 00087A60 Relevance: 1.6, Strings: 1, Instructions: 332COMMON

Download Yara Rule

Strings

grew heap, but no adequate free space foundroot level max pages doesn't fit in summaryruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=runtime:stoplockedm: lockedg (atomicstatus=me, xrefs: 00087FC2

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: grew heap, but no adequate free space foundroot level max pages doesn't fit in summaryruntime: releaseSudog with non-nil gp.paramunknown runnable goroutine during bootstrapruntime: casfrom_Gscanstatus bad oldval gp=runtime:stoplockedm: lockedg (atomicstatus=me
API String ID: 0-3724787384
Opcode ID: e6b0bf75e191f1ca07c795df2aa8dc9a3a703542b378823cb7d942742ede6098
Instruction ID: 72fee57c7bcd740413d64a00a9c68131af3f9cfaf38a4bc6bd01f79a8080ff2d
Opcode Fuzzy Hash: e6b0bf75e191f1ca07c795df2aa8dc9a3a703542b378823cb7d942742ede6098
Instruction Fuzzy Hash: C8E16172209B8485DB60EB16E4807AEB761F785BD0F689126EFDD43B69CF38C494CB40

Function 00074E20 Relevance: 1.5, Strings: 1, Instructions: 283COMMON

Download Yara Rule

Strings

span has no free objectsruntime: found obj at *(runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incor, xrefs: 00074FD0

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: span has no free objectsruntime: found obj at *(runtime: VirtualFree of /cgo/go-to-c-calls:calls/gc/heap/objects:objects/sched/latencies:secondsqueuefinalizer during GCupdate during transitionruntime: markroot index can't scan our own stackgcDrainN phase incor
API String ID: 0-1712010102
Opcode ID: ef3c6b34f3a16b3000f18b499d5aec652fcf90f4e853b18a464b43feec257341
Instruction ID: 989cc0149c171de25bcb4eff6cf388b8b29ea306f1688c261ea71074aa6c0b29
Opcode Fuzzy Hash: ef3c6b34f3a16b3000f18b499d5aec652fcf90f4e853b18a464b43feec257341
Instruction Fuzzy Hash: 22C1D072609F808ADF54DB14E8903AEB7A4F785B55F448525EB8E03BAADF7CC845CB40

Function 000A4CA0 Relevance: .3, Instructions: 306COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1faea1b6c6d3c74870dca01d9b6e9bf79ae3c18fa08c95429aecdcf99492373
Instruction ID: e16e75365a65cd0c7cdcf792d337464dd58f910289bc8c3372fd7e2b9efef23e
Opcode Fuzzy Hash: d1faea1b6c6d3c74870dca01d9b6e9bf79ae3c18fa08c95429aecdcf99492373
Instruction Fuzzy Hash: ADC18036209B8486DB10DF95F8903AEB7A1F7CAB80F545126EA8E87765DF7CC445CB40

Function 0009D920 Relevance: .2, Instructions: 238COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2c0505b5c620f0875954005f29a16a3e9743ba679c8b30e92e02f77adcb3485
Instruction ID: e1abece609ffa85d3d39495626ac6b6b8f589ea5a34b5f211904b5209f439a2d
Opcode Fuzzy Hash: a2c0505b5c620f0875954005f29a16a3e9743ba679c8b30e92e02f77adcb3485
Instruction Fuzzy Hash: FB91EF72B85640CADF54AF14E8803AD77A2F785B84F98A076CE4D1B326DF39C885E740

Function 00086C60 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97756b1d9124aaec8b423135f5fadc36709c648fe4938f09c6905f950313ae07
Instruction ID: 0d73276283805df8e47eb5af5cbb1a6c594a37e2b77d2fc3b415775b000a6bdc
Opcode Fuzzy Hash: 97756b1d9124aaec8b423135f5fadc36709c648fe4938f09c6905f950313ae07
Instruction Fuzzy Hash: 7E31C37A704B8991DF489B19E8853EA2761F784BC0F86D036DE8E47329DF39D64AC300

Function 000921E0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 849701ab9298ad5255c9a23bafe6ecac08650526b3418f08058971c4c9317505
Instruction ID: cb017bece2760a819f1d3639b4fb7b9981eeedf7a66dfeedd7bab41456ee5477
Opcode Fuzzy Hash: 849701ab9298ad5255c9a23bafe6ecac08650526b3418f08058971c4c9317505
Instruction Fuzzy Hash: D0217133608B85D1CB50CB21F44536A7760F396BE4F559222EEAD47B95DB3DC191CB40

Function 000001467403D68C Relevance: 7.8, APIs: 5, Instructions: 260
networkCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_snprintf.LIBCMT ref: 000001467403D725

Part of subcall function 000001467404E63C: _errno.LIBCMT ref: 000001467404E673
Part of subcall function 000001467404E63C: _invalid_parameter_noinfo.LIBCMT ref: 000001467404E67E

_snprintf.LIBCMT ref: 000001467403D7BD
InternetQueryDataAvailable.WININET ref: 000001467403D87A

Part of subcall function 0000014674041D70: strchr.LIBCMT ref: 0000014674041DD6
Part of subcall function 0000014674041D70: _snprintf.LIBCMT ref: 0000014674041E0C

Part of subcall function 0000014674041C0C: strchr.LIBCMT ref: 0000014674041C69
Part of subcall function 0000014674041C0C: _snprintf.LIBCMT ref: 0000014674041CB3

_snprintf.LIBCMT ref: 000001467403D7D4

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _snprintf$strchr$AvailableDataInternetQuery_errno_invalid_parameter_noinfo
String ID:
API String ID: 2459009813-0
Opcode ID: 6e2045361780fadf1587795c869fcd23f7db7a84374f415de51a140654aa30c6
Instruction ID: d991479f9b2a64d600ce3893e6922a1d3c76b87d9c30df96d353cb294efa85a6
Opcode Fuzzy Hash: 6e2045361780fadf1587795c869fcd23f7db7a84374f415de51a140654aa30c6
Instruction Fuzzy Hash: DA81DA316186484FD754EB28D889BF9B7E5FB9631AF10057EE84AC31A3DF34D9018782

Function 000001467403E014 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 103
networkCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSASocketA.WS2_32 ref: 000001467403E042
WSAIoctl.WS2_32 ref: 000001467403E08F
closesocket.WS2_32 ref: 000001467403E0EE

Strings

_Cy, xrefs: 000001467403E0A1

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: IoctlSocketclosesocket
String ID: _Cy
API String ID: 3445158922-1085951347
Opcode ID: 9f6035121241c12ff71e8e552415c275c25b201d0c9d2d3551ffb33b20d91594
Instruction ID: 0b2c7ee994dba9cdcad509697eedd2ae4c7e590064ee569e7fe186395915e092
Opcode Fuzzy Hash: 9f6035121241c12ff71e8e552415c275c25b201d0c9d2d3551ffb33b20d91594
Instruction Fuzzy Hash: A331893051CA484BD764DF38D4887AA7BD5F7D5319F11473EE44AC31A2DB34C5418782

Function 000001467403DA48 Relevance: 3.2, APIs: 2, Instructions: 159networkCOMMONLIBRARYCODE

Download Yara Rule

APIs

InternetOpenA.WININET ref: 000001467403DB0C
InternetConnectA.WININET ref: 000001467403DB7A

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: Internet$ConnectOpen
String ID:
API String ID: 2790792615-0
Opcode ID: c02896be98f17698b461471e8597e5ae08ffedd86d74317b17a8770a829ca45e
Instruction ID: 3ae70ed98fe464e91e07caa1a2e3e402119acd6064454caa11dc3d1daa17d1e4
Opcode Fuzzy Hash: c02896be98f17698b461471e8597e5ae08ffedd86d74317b17a8770a829ca45e
Instruction Fuzzy Hash: DD519330618B044FEB59DB28D49A7A977D1FBDA309F11043DD087C36A3DA7C99068B47

Function 000001467404C3B8 Relevance: 1.6, APIs: 1, Instructions: 122memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 000001467404C49E

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: aac624e9975941b750356ceb78cd3aa232c6bd2fb96b7d29432793f1a6c54ced
Instruction ID: 3b0ae13418cd6dab1e75e2cd81a5356a23162d1fc0371649be21399edb1db5ec
Opcode Fuzzy Hash: aac624e9975941b750356ceb78cd3aa232c6bd2fb96b7d29432793f1a6c54ced
Instruction Fuzzy Hash: D0316D3061CB098FEB98EF1CA59967937D5F7EA359F11012EE04AC3266DB64EC418783

Function 000C66E0 Relevance: 1.5, APIs: 1, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE ref: 000C6778

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: a0520eac1ccf24d66fb7d7e56398b906acba0fc96287ccc1e9c1c5cf3b874f96
Instruction ID: 4cd4398fe5d2b69e97143243263b508657bb922db0b39173560a214c7bd45ace
Opcode Fuzzy Hash: a0520eac1ccf24d66fb7d7e56398b906acba0fc96287ccc1e9c1c5cf3b874f96
Instruction Fuzzy Hash: AB115E36A05B80C1DB218B5AE84132D73B4E348BE4F244725DFAD57BA4DB29E1A2C740

Function 000001467404C1C8 Relevance: 1.4, APIs: 1, Instructions: 121memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

VirtualAlloc.KERNELBASE ref: 000001467404C2B0

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: aae31d7e320f49b2b7b8d2523f04f5552282cf255c9fc24f679e558ee007d563
Instruction ID: aaa4ccf7a5e95ef31109540a3d326b816df4f649008539288a8d8d7609f2367a
Opcode Fuzzy Hash: aae31d7e320f49b2b7b8d2523f04f5552282cf255c9fc24f679e558ee007d563
Instruction Fuzzy Hash: 8C31A37071CB448FEB95DF5CA88566A33E1F7AA349F11052EE449C3662DB74EC018B83

Function 000001467404C2EC Relevance: 1.3, APIs: 1, Instructions: 75COMMONLIBRARYCODE

Download Yara Rule

APIs

VirtualFree.KERNELBASE ref: 000001467404C3A2

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: FreeVirtual
String ID:
API String ID: 1263568516-0
Opcode ID: 33013136f0bb95f1eb9f3645b418df4a5ff2efb559231014e174e8ee2656166c
Instruction ID: 1765451466d801f0f56d7402155f176defe40dfb3dace97be4f20b58166b1823
Opcode Fuzzy Hash: 33013136f0bb95f1eb9f3645b418df4a5ff2efb559231014e174e8ee2656166c
Instruction Fuzzy Hash: A321517060DB488FEBA5DB1CA44876937E5F7AE35BF11093AD449C32B1C7789980CB82

Non-executed Functions

Function 0000014674051F9C Relevance: 30.8, APIs: 15, Strings: 2, Instructions: 1030COMMON

Download Yara Rule

APIs

Part of subcall function 0000014674050600: _getptd.LIBCMT ref: 0000014674050616
Part of subcall function 0000014674050600: __updatetlocinfo.LIBCMT ref: 000001467405064B
Part of subcall function 0000014674050600: __updatetmbcinfo.LIBCMT ref: 0000014674050672

_errno.LIBCMT ref: 0000014674052002

Part of subcall function 0000014674050D18: _getptd_noexit.LIBCMT ref: 0000014674050D1C

_fileno.LIBCMT ref: 000001467405202F

Part of subcall function 0000014674054A54: _errno.LIBCMT ref: 0000014674054A5D
Part of subcall function 0000014674054A54: _invalid_parameter_noinfo.LIBCMT ref: 0000014674054A68

write_multi_char.LIBCMT ref: 000001467405266B
write_string.LIBCMT ref: 0000014674052688
write_multi_char.LIBCMT ref: 00000146740526A5
write_string.LIBCMT ref: 0000014674052704
write_multi_char.LIBCMT ref: 000001467405275D
free.LIBCMT ref: 0000014674052771
_isleadbyte_l.LIBCMT ref: 0000014674052842
write_char.LIBCMT ref: 0000014674052858
write_char.LIBCMT ref: 0000014674052879
_errno.LIBCMT ref: 000001467405297C
_invalid_parameter_noinfo.LIBCMT ref: 0000014674052987

Strings

, xrefs: 000001467405263F
@, xrefs: 000001467405201B

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_charwrite_string$__updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
String ID: $@
API String ID: 3613058218-1077428164
Opcode ID: 0599035506f01076b605f9026c3628a483f4ccd483033c44f83e2593a1d2db07
Instruction ID: 3e02ebc8380da1ba9d0db61261efda6ee8081d531f6d9065290c38e2f28e5176
Opcode Fuzzy Hash: 0599035506f01076b605f9026c3628a483f4ccd483033c44f83e2593a1d2db07
Instruction Fuzzy Hash: 0D62C6319186498AEB689B789459BE9F7D1FF9730EF24053DD886C31E3D6349882CE43

Function 0000014674051528 Relevance: 29.0, APIs: 15, Strings: 1, Instructions: 1022COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0000014674050600: _getptd.LIBCMT ref: 0000014674050616
Part of subcall function 0000014674050600: __updatetlocinfo.LIBCMT ref: 000001467405064B
Part of subcall function 0000014674050600: __updatetmbcinfo.LIBCMT ref: 0000014674050672

_errno.LIBCMT ref: 000001467405158E

Part of subcall function 0000014674050D18: _getptd_noexit.LIBCMT ref: 0000014674050D1C

_fileno.LIBCMT ref: 00000146740515BB

Part of subcall function 0000014674054A54: _errno.LIBCMT ref: 0000014674054A5D
Part of subcall function 0000014674054A54: _invalid_parameter_noinfo.LIBCMT ref: 0000014674054A68

write_multi_char.LIBCMT ref: 0000014674051BEB
write_string.LIBCMT ref: 0000014674051C08
write_multi_char.LIBCMT ref: 0000014674051C25
write_string.LIBCMT ref: 0000014674051C84
write_multi_char.LIBCMT ref: 0000014674051CDD
free.LIBCMT ref: 0000014674051CF1
_isleadbyte_l.LIBCMT ref: 0000014674051DC2
write_char.LIBCMT ref: 0000014674051DD8
write_char.LIBCMT ref: 0000014674051DF9
_errno.LIBCMT ref: 0000014674051EF3
_invalid_parameter_noinfo.LIBCMT ref: 0000014674051EFE

Strings

, xrefs: 0000014674051BBF

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _errnowrite_multi_char$_invalid_parameter_noinfowrite_charwrite_string$__updatetlocinfo__updatetmbcinfo_fileno_getptd_getptd_noexit_isleadbyte_lfree
String ID:
API String ID: 3613058218-3916222277
Opcode ID: 99560b4e6a3ba651302837abcdacc877c80be0c82fbf8e81c16206e006ab6ccb
Instruction ID: 664c577cc8b718bd1d78099c77307799c7140794050e7eac7820522043cbff93
Opcode Fuzzy Hash: 99560b4e6a3ba651302837abcdacc877c80be0c82fbf8e81c16206e006ab6ccb
Instruction Fuzzy Hash: BB62D830D18A498AF7689B589449BF9F7D1FB5731EF24023DD887CB1E3D6259882C643

Function 000798E0 Relevance: 17.0, Strings: 13, Instructions: 703COMMON

Download Yara Rule

Strings

ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32, xrefs: 0007A1EA
MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, xrefs: 0007A4C5
+]1/=[<{}_MLy: i), M [("")) ) @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=, xrefs: 0007A1B6, 0007A356
non-concurrent sweep failed to drain all sweep queuescompileCallback: argument size is larger than uintptrmin size of malloc header is not a size class boundarygcControllerState.findRunnable: blackening not enabledno goroutines (main called runtime.Goexit) - d, xrefs: 0007A6B8
gc done but gcphase != _GCoffruntime: p.gcMarkWorkerMode= scanobject of a noscan objectruntime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foun, xrefs: 0007A6DA
gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:filesclosesse41sse42ssse3int16int32int64uint8arraysliceGreekGetACPlistensendtosocketstringsysmontimersefenceselect, not object next= jobs= goid sweep B -> % util alloc free , xrefs: 000799A4
@s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m, xrefs: 0007A06C
, xrefs: 00079EBF
gc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=icmpigmpfilepipee, xrefs: 0007A04E
ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=, xrefs: 0007A40B
MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException , xrefs: 0007A485
failed to set sweep barrierwork.nwait was > work.nproc not in stack roots range [allocated pages below zero?address not a stack addressmspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedruntime: asyncPre, xrefs: 0007A6C9
., xrefs: 00079FCA

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: $ @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m$ MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:$ MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException $ ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32$ ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)traceback} stack=$+]1/=[<{}_MLy: i), M [("")) ) @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=$.$failed to set sweep barrierwork.nwait was > work.nproc not in stack roots range [allocated pages below zero?address not a stack addressmspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedruntime: asyncPre$gc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=icmpigmpfilepipee$gc done but gcphase != _GCoffruntime: p.gcMarkWorkerMode= scanobject of a noscan objectruntime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foun$gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:filesclosesse41sse42ssse3int16int32int64uint8arraysliceGreekGetACPlistensendtosocketstringsysmontimersefenceselect, not object next= jobs= goid sweep B -> % util alloc free $non-concurrent sweep failed to drain all sweep queuescompileCallback: argument size is larger than uintptrmin size of malloc header is not a size class boundarygcControllerState.findRunnable: blackening not enabledno goroutines (main called runtime.Goexit) - d
API String ID: 0-1159072650
Opcode ID: f8ed18718886178dc12514de42630e52efa762a5c853082db625a7a330adb918
Instruction ID: 553d5dc5a5a88eac0f8c26651bd143347107e8748dfccd8566d8e4e631de65f7
Opcode Fuzzy Hash: f8ed18718886178dc12514de42630e52efa762a5c853082db625a7a330adb918
Instruction Fuzzy Hash: E8727A72608BC485EB61EB24F8853EE73A5F78AB80F448126DA8C4776ADF3DC485C751

Function 000AE040 Relevance: 15.4, Strings: 12, Instructions: 364COMMON

Download Yara Rule

Strings

locals stack map entries for abi mismatch detected between runtime: impossible type kind unsafe.Slice: len out of rangesubtle.XORBytes: dst too shortGODEBUG: unknown cpu feature "reflect: Elem of invalid type CertDuplicateCertificateContextSetupDiGetDeviceInf, xrefs: 000AE555
missing stackmapbad symbol tablenon-Go function not in ranges:GODEBUG: value "RCodeFormatErrorGetCurrentThreadRtlVirtualUnwindAdjustTokenGroupsIsTokenRestrictedLookupAccountSidWCertFindExtensionCryptDecodeObjectDnsRecordListFreeGetShortPathNameWReadProcessMe, xrefs: 000AE4D9, 000AE659
) @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at , xrefs: 000AE412, 000AE593
runtime: pcdata is bad ABI descriptiondodeltimer: wrong Padjusttimers: bad pfile already existsfile does not existfile already closedmultipartmaxheadersRCodeNotImplementedTranslateAcceleratorChangeServiceConfigWCheckTokenMembershipCreateProcessAsUserWCryptAcqu, xrefs: 000AE393, 000AE51F
args stack map entries for invalid runtime symbol tableruntime: no module data for traceRegion: alloc too large[originating from goroutine CM_Get_Device_Interface_ListWRegisterServiceCtrlHandlerExWDeleteProcThreadAttributeListGetSystemPreferredUILanguagesGetT, xrefs: 000AE3CF
untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:GODEBUG: value "RCodeFormatErrorGetCurrentThreadRtlVirtualUnwindAdjustTokenGroupsIsTokenRestrictedLookupAccountSidWCertFindExtensionCryptDecodeObjectDnsRecordListFreeGetShortPathNa, xrefs: 000AE60C
bad symbol tablenon-Go function not in ranges:GODEBUG: value "RCodeFormatErrorGetCurrentThreadRtlVirtualUnwindAdjustTokenGroupsIsTokenRestrictedLookupAccountSidWCertFindExtensionCryptDecodeObjectDnsRecordListFreeGetShortPathNameWReadProcessMemoryQueryWorking, xrefs: 000AE42A, 000AE5AA
and tab= top=[...], fp:filesclosesse41sse42ssse3int16int32int64uint8arraysliceGreekGetACPlistensendtosocketstringsysmontimersefenceselect, not object next= jobs= goid sweep B -> % util alloc free span= prev= list=, i = code= addr= m->p= p->m=SCHED curg= , xrefs: 000AE3AF, 000AE53A
(targetpc= , plugin: runtime: g : frame.sp=created by i/o timeout/dev/stdout/dev/stderrgocachehashgocachetesthttp2clienthttp2serverarchive/tartls10servercrypto/x509archive/zipClassHESIODProcessPrngNetShareAddNetShareDelkernel32.dllVirtualAllocSendMessageWCfgM, xrefs: 000AE3F7, 000AE578
+]1/=[<{}_MLy: i), M [("")) ) @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=, xrefs: 000AE4B2, 000AE62F
runtime: frame runtimer: bad ptraceback stuckjstmpllitinterptarinsecurepathx509usepolicieszipinsecurepathRegCreateKeyExWRegDeleteValueWRegisterClassExWTranslateMessageDispatchMessageWGetModuleHandleWGetConsoleWindowDuplicateTokenExOpenProcessTokenRegQueryInfoK, xrefs: 000AE474, 000AE5E9
untyped args out of range no module dataruntime: seq1=runtime: goid= in goroutine unsafe.Pointermime/multipartRegSetValueExWRCodeNameErrorunreachable: PostQuitMessageCreateWindowExWShowWindowAsyncGetSecurityInfoImpersonateSelfOpenThreadTokenSetSecurityInfoG, xrefs: 000AE497

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: (targetpc= , plugin: runtime: g : frame.sp=created by i/o timeout/dev/stdout/dev/stderrgocachehashgocachetesthttp2clienthttp2serverarchive/tartls10servercrypto/x509archive/zipClassHESIODProcessPrngNetShareAddNetShareDelkernel32.dllVirtualAllocSendMessageWCfgM$ and tab= top=[...], fp:filesclosesse41sse42ssse3int16int32int64uint8arraysliceGreekGetACPlistensendtosocketstringsysmontimersefenceselect, not object next= jobs= goid sweep B -> % util alloc free span= prev= list=, i = code= addr= m->p= p->m=SCHED curg= $ args stack map entries for invalid runtime symbol tableruntime: no module data for traceRegion: alloc too large[originating from goroutine CM_Get_Device_Interface_ListWRegisterServiceCtrlHandlerExWDeleteProcThreadAttributeListGetSystemPreferredUILanguagesGetT$ locals stack map entries for abi mismatch detected between runtime: impossible type kind unsafe.Slice: len out of rangesubtle.XORBytes: dst too shortGODEBUG: unknown cpu feature "reflect: Elem of invalid type CertDuplicateCertificateContextSetupDiGetDeviceInf$ untyped args out of range no module dataruntime: seq1=runtime: goid= in goroutine unsafe.Pointermime/multipartRegSetValueExWRCodeNameErrorunreachable: PostQuitMessageCreateWindowExWShowWindowAsyncGetSecurityInfoImpersonateSelfOpenThreadTokenSetSecurityInfoG$ untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:GODEBUG: value "RCodeFormatErrorGetCurrentThreadRtlVirtualUnwindAdjustTokenGroupsIsTokenRestrictedLookupAccountSidWCertFindExtensionCryptDecodeObjectDnsRecordListFreeGetShortPathNa$) @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at $+]1/=[<{}_MLy: i), M [("")) ) @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=$bad symbol tablenon-Go function not in ranges:GODEBUG: value "RCodeFormatErrorGetCurrentThreadRtlVirtualUnwindAdjustTokenGroupsIsTokenRestrictedLookupAccountSidWCertFindExtensionCryptDecodeObjectDnsRecordListFreeGetShortPathNameWReadProcessMemoryQueryWorking$missing stackmapbad symbol tablenon-Go function not in ranges:GODEBUG: value "RCodeFormatErrorGetCurrentThreadRtlVirtualUnwindAdjustTokenGroupsIsTokenRestrictedLookupAccountSidWCertFindExtensionCryptDecodeObjectDnsRecordListFreeGetShortPathNameWReadProcessMe$runtime: frame runtimer: bad ptraceback stuckjstmpllitinterptarinsecurepathx509usepolicieszipinsecurepathRegCreateKeyExWRegDeleteValueWRegisterClassExWTranslateMessageDispatchMessageWGetModuleHandleWGetConsoleWindowDuplicateTokenExOpenProcessTokenRegQueryInfoK$runtime: pcdata is bad ABI descriptiondodeltimer: wrong Padjusttimers: bad pfile already existsfile does not existfile already closedmultipartmaxheadersRCodeNotImplementedTranslateAcceleratorChangeServiceConfigWCheckTokenMembershipCreateProcessAsUserWCryptAcqu
API String ID: 0-2875464409
Opcode ID: f1939bf45bfa8450f9b94487e99719d63dc606608a0565c6520980b47b9dfb59
Instruction ID: 73831efd1a6b9d67910499c6dcd78fc8fe1ad1011bad105dd8f5744c12fcdb6e
Opcode Fuzzy Hash: f1939bf45bfa8450f9b94487e99719d63dc606608a0565c6520980b47b9dfb59
Instruction Fuzzy Hash: 10E1A136218B8086DB64EF65E4813DEB768F78A780F548122EF8D47766DF78C984DB01

Function 0008AA40 Relevance: 14.3, Strings: 11, Instructions: 542COMMON

Download Yara Rule

Strings

bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 0008AE1C, 0008B56C
runtime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb, xrefs: 0008AD3F, 0008B176
, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACEBACK) at entry+ (targetpc= , plugin: runtime: g : frame.sp=created by i/o timeout/dev/stdout/dev/st, xrefs: 0008B23C
runtime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr frames elided..., locked to threadruntime.semacreateruntime.semawakeup/Drivers/etc/hostsRCodeSer, xrefs: 0008ADEF
, levelBits[level] = runtime: searchIdx = panic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime:, xrefs: 0008B345
, M [("")) ) @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4c, xrefs: 0008AD93, 0008ADAF, 0008B1D1, 0008B1EF
, j0 = head = panic: nmsys= locks= dying= allocsGODEBUG m->g0= pad1= pad2= text= minpc= value= (scan)types : type avx512finvaliduintptrconsoleos/execruntime#internSetTimerEqualSidCancelIoReadFileSetEventAcceptExIsWindowWSAIoctlrecvfromshutdownno anodenil , xrefs: 0008B25A
] = (usageinit ms, fault and tab= top=[...], fp:filesclosesse41sse42ssse3int16int32int64uint8arraysliceGreekGetACPlistensendtosocketstringsysmontimersefenceselect, not object next= jobs= goid sweep B -> % util alloc free span= prev= list=, i = code= addr=, xrefs: 0008AD78
runtime: p.searchAddr = range partially overlapsstack trace unavailablebindm in unexpected GOOSrunqsteal: runq overflowdouble traceGCSweepStartbad use of trace.seqlockinvalid pattern syntax: GetSecurityDescriptorDaclGetSecurityDescriptorSaclGetSidIdentifierAu, xrefs: 0008B2A5
][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: , xrefs: 0008AD5A, 0008B19B
runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)semacquire not on the G stackruntime: split stack overflowstring concatenation too longinvalid function symbol tabl, xrefs: 0008B325

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: , M [("")) ) @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4c$, j0 = head = panic: nmsys= locks= dying= allocsGODEBUG m->g0= pad1= pad2= text= minpc= value= (scan)types : type avx512finvaliduintptrconsoleos/execruntime#internSetTimerEqualSidCancelIoReadFileSetEventAcceptExIsWindowWSAIoctlrecvfromshutdownno anodenil $, levelBits[level] = runtime: searchIdx = panic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime:$, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64nan3float32nan2GOTRACEBACK) at entry+ (targetpc= , plugin: runtime: g : frame.sp=created by i/o timeout/dev/stdout/dev/st$] = (usageinit ms, fault and tab= top=[...], fp:filesclosesse41sse42ssse3int16int32int64uint8arraysliceGreekGetACPlistensendtosocketstringsysmontimersefenceselect, not object next= jobs= goid sweep B -> % util alloc free span= prev= list=, i = code= addr=$][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: $bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod$runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)semacquire not on the G stackruntime: split stack overflowstring concatenation too longinvalid function symbol tabl$runtime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr frames elided..., locked to threadruntime.semacreateruntime.semawakeup/Drivers/etc/hostsRCodeSer$runtime: p.searchAddr = range partially overlapsstack trace unavailablebindm in unexpected GOOSrunqsteal: runq overflowdouble traceGCSweepStartbad use of trace.seqlockinvalid pattern syntax: GetSecurityDescriptorDaclGetSecurityDescriptorSaclGetSidIdentifierAu$runtime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb
API String ID: 0-2260843642
Opcode ID: 3af629eeabf9b6e5f87e484917e6b461b86291c0c86ca24641b612d7d7a6065b
Instruction ID: a934b987a17f7fab039e6abcfc86393a3ede5fa1439e0d3d5cb52aa813a654be
Opcode Fuzzy Hash: 3af629eeabf9b6e5f87e484917e6b461b86291c0c86ca24641b612d7d7a6065b
Instruction Fuzzy Hash: D832CE76714BC481EB20AB11E8413EEB325F78ABC0F848122EE9D57B6ADF78C945D741

Function 00077F60 Relevance: 14.1, Strings: 11, Instructions: 331COMMON

Download Yara Rule

Strings

because dotdotdotruntime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr frames elided..., locked to threadruntime.semacreateruntime.semawakeup/Drivers, xrefs: 00078466
runtime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= casfrom_Gscanstatus: gp->status is not in scan state, xrefs: 0007856B
runtime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already , xrefs: 000783E3, 00078437, 000784A1
nil elem type! to finalizer GC worker initruntime: full=runtime: want=MB; allocated timeEndPeriod, xrefs: 0007858D
runtime.SetFinalizer: pointer not at beginning of allocated blocktoo many concurrent operations on a single file or socket (max 1048575)cannot convert slice with length %y to array or pointer to array with length %xruntime: warning: IsLongPathAwareProcess fail, xrefs: 000784EA
runtime.SetFinalizer: second argument is gcSweep being done but phase is not GCoffobjects added out of order or overlappingmheap.freeSpanLocked - invalid stack freemheap.freeSpanLocked - invalid span stateattempted to add zero-sized address rangeruntime: block, xrefs: 000784D4
runtime.SetFinalizer: first argument was allocated into an arenacompileCallback: expected function with one uintptr-sized resultuser arena chunk size is not a multiple of the physical page sizeruntime: function marked with #cgo nocallback called back into Goru, xrefs: 0007857C
, not a functiongc: unswept span KiB work (bg), mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 000784C5
runtime.SetFinalizer: first argument is nilruntime.SetFinalizer: finalizer already setgcBgMarkWorker: unexpected gcMarkWorkerModenon in-use span found with specials bit setgrew heap, but no adequate free space foundroot level max pages doesn't fit in summaryru, xrefs: 000785D0
runtime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs when work.full != 0runtime: out of memory: cannot allocate runtime.preemptM: duplicatehandle failedglobal runq empty wi, xrefs: 000785BF
, not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failed, xrefs: 000785B0

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: because dotdotdotruntime: npages = runtime: range = {index out of rangeruntime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr frames elided..., locked to threadruntime.semacreateruntime.semawakeup/Drivers$, not a functiongc: unswept span KiB work (bg), mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod$, not pointer != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failed$nil elem type! to finalizer GC worker initruntime: full=runtime: want=MB; allocated timeEndPeriod$runtime.SetFinalizer: cannot pass too many pages allocated in chunk?mspan.ensureSwept: m is not lockedVirtualQuery for stack base failedforEachP: sched.safePointWait != 0schedule: spinning with local workruntime: g is running but p is notdoaddtimer: P already $runtime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs when work.full != 0runtime: out of memory: cannot allocate runtime.preemptM: duplicatehandle failedglobal runq empty wi$runtime.SetFinalizer: first argument is nilruntime.SetFinalizer: finalizer already setgcBgMarkWorker: unexpected gcMarkWorkerModenon in-use span found with specials bit setgrew heap, but no adequate free space foundroot level max pages doesn't fit in summaryru$runtime.SetFinalizer: first argument was allocated into an arenacompileCallback: expected function with one uintptr-sized resultuser arena chunk size is not a multiple of the physical page sizeruntime: function marked with #cgo nocallback called back into Goru$runtime.SetFinalizer: pointer not at beginning of allocated blocktoo many concurrent operations on a single file or socket (max 1048575)cannot convert slice with length %y to array or pointer to array with length %xruntime: warning: IsLongPathAwareProcess fail$runtime.SetFinalizer: pointer not in allocated blockruntime: use of FixAlloc_Alloc before FixAlloc_Initspan set block with unpopped elements found in resetruntime: GetQueuedCompletionStatusEx failed (errno= casfrom_Gscanstatus: gp->status is not in scan state$runtime.SetFinalizer: second argument is gcSweep being done but phase is not GCoffobjects added out of order or overlappingmheap.freeSpanLocked - invalid stack freemheap.freeSpanLocked - invalid span stateattempted to add zero-sized address rangeruntime: block
API String ID: 0-672018360
Opcode ID: 4199802c6f4cc690aafd83a3eebecffb26cd44f742851e375cb17a980d989a07
Instruction ID: cc45014909e82bfa24a6c612803fd3b3e50b30182d2bbeeeb82276a2a3e1a6cf
Opcode Fuzzy Hash: 4199802c6f4cc690aafd83a3eebecffb26cd44f742851e375cb17a980d989a07
Instruction Fuzzy Hash: 77E1EE32A49BC485EBA09B21E4943EEB7A4F385B80F88C536DA8D43796DF7CC585C714

Function 00084560 Relevance: 13.3, Strings: 10, Instructions: 811COMMON

Download Yara Rule

Strings

nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes wsaioctlavx512bwavx512vlgo/typesnet/httpgo/buildx509sha1ClassANYQuestionntdll.dllImm32.dllole32.dllpsapi.dllwinmm.dllFindCloseLocalFreeMoveFileWPurgeCommSetupCommWr, xrefs: 00085048
swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb, xrefs: 00084F6D
mspan.sweep: bad span state after sweepruntime: blocked write on free polldescPowerRegisterSuspendResumeNotification, xrefs: 00084FF8
mspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedruntime: asyncPreemptStack=runtime: thread ID overflowstopTheWorld: holding locksgcstopm: not waiting for gcinternal lockOSThread errorruntime: checkdea, xrefs: 000853CA
previous allocCount=, levelBits[level] = runtime: searchIdx = panic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime:, xrefs: 00085065
mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 00084FCF, 000853A5
mspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: morestack on gsignalruntime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1, xrefs: 000853DB
sweep: tried to preserve a user arena spanruntime: blocked write on closing polldescacquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callon a locked thread with no template threadunexpected signal during runtime executionattempte, xrefs: 00084F5C
sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine complex128, xrefs: 00084FAF, 00085385
sweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevrunt, xrefs: 000850AF

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: mheap.sweepgen=runtime: nelems=workbuf is emptymSpanList.removemSpanList.insertbad special kindbad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod$ nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes wsaioctlavx512bwavx512vlgo/typesnet/httpgo/buildx509sha1ClassANYQuestionntdll.dllImm32.dllole32.dllpsapi.dllwinmm.dllFindCloseLocalFreeMoveFileWPurgeCommSetupCommWr$ previous allocCount=, levelBits[level] = runtime: searchIdx = panic on system stackasync stack too largestartm: m is spinningstartlockedm: m has pfindrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime:$ sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nanException ptrSize= targetpc= until pc=unknown pcruntime: ggoroutine complex128$mspan.sweep: bad span state after sweepruntime: blocked write on free polldescPowerRegisterSuspendResumeNotification$mspan.sweep: bad span stateinvalid profile bucket typeruntime: corrupted polldescruntime: netpollinit failedruntime: asyncPreemptStack=runtime: thread ID overflowstopTheWorld: holding locksgcstopm: not waiting for gcinternal lockOSThread errorruntime: checkdea$mspan.sweep: m is not lockedfound pointer to free objectmheap.freeSpanLocked - span runtime.semasleep unexpectedfatal: morestack on gsignalruntime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1$sweep increased allocation countremovespecial on invalid pointerruntime: root level max pages = WSAGetOverlappedResult not found_cgo_pthread_key_created missingruntime: sudog with non-nil elemruntime: sudog with non-nil nextruntime: sudog with non-nil prevrunt$sweep: tried to preserve a user arena spanruntime: blocked write on closing polldescacquireSudog: found s.elem != nil in cachefatal error: cgo callback before cgo callon a locked thread with no template threadunexpected signal during runtime executionattempte$swept cached spanmarkBits overflowruntime: summary[runtime: level = , p.searchAddr = RtlGetCurrentPeb
API String ID: 0-1240578454
Opcode ID: 105b0ffad3f230f1e734fdc19dde85c4447e6979ecafcf669446e57fa66eea71
Instruction ID: 06dbfd7d55f8f48e804d611187cba5328c3cc8bd58adb2f36713dc255ea762bf
Opcode Fuzzy Hash: 105b0ffad3f230f1e734fdc19dde85c4447e6979ecafcf669446e57fa66eea71
Instruction Fuzzy Hash: 6082A173208BD586CB60EF15E4403AEB7A5F79AB84F449126EACD43B5ADF38C594CB40

Function 0000014674046B38 Relevance: 13.3, APIs: 10, Instructions: 790COMMONLIBRARYCODE

Download Yara Rule

APIs

_snprintf.LIBCMT ref: 0000014674046CA5
_snprintf.LIBCMT ref: 0000014674046D66
_snprintf.LIBCMT ref: 0000014674046D83
_snprintf.LIBCMT ref: 0000014674046FD8
_snprintf.LIBCMT ref: 00000146740470E8
_snprintf.LIBCMT ref: 00000146740471A6
_snprintf.LIBCMT ref: 000001467404725E
_snprintf.LIBCMT ref: 0000014674047002

Part of subcall function 000001467404E63C: _errno.LIBCMT ref: 000001467404E673
Part of subcall function 000001467404E63C: _invalid_parameter_noinfo.LIBCMT ref: 000001467404E67E

_snprintf.LIBCMT ref: 0000014674047276
_snprintf.LIBCMT ref: 0000014674047334

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _snprintf$_errno_invalid_parameter_noinfo
String ID:
API String ID: 3442832105-0
Opcode ID: 5c5fb6f4a09e06ccff5c46792293312cb34477fc99d63142bfc01bcec4b0117e
Instruction ID: 120f794ea4357005fcb6879a85a16dff8ba1d632c8f95d6bb1d92c923b9f34c1
Opcode Fuzzy Hash: 5c5fb6f4a09e06ccff5c46792293312cb34477fc99d63142bfc01bcec4b0117e
Instruction Fuzzy Hash: A752D230118D899BE759AB2CD4067E0F3E0FFBA34EF405668D98587563FB34E5828782

Function 0009E3A0 Relevance: 7.2, Strings: 5, Instructions: 943COMMON

Download Yara Rule

Strings

findrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for traceReg, xrefs: 0009F2EC
findrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptionNetUserGetLocalGroupsGetProfilesDirectoryWConvertSidToStringSidWConvert, xrefs: 0009F30E
global runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsruntime: typeBitsBulkBarrier without type/memory/classes/metadata/mspan/free:bytesruntime.SetFinalizer: second argument is gcSweep being don, xrefs: 0009F2CA
findrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=file type does not support deadlinecrypto/cipher: input not full blocksaccessing a corrupted shared librarylfstack node , xrefs: 0009F2DB
findrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of r, xrefs: 0009F2FD

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: findrunnable: negative nmspinningfreeing stack not in a stack spanstackalloc not on scheduler stackruntime: goroutine stack exceeds runtime: text offset out of rangetimer period must be non-negativeruntime: name offset out of rangeruntime: type offset out of r$findrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid runtime symbol tableruntime: no module data for traceReg$findrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did not unwind completelyruntime: createevent failed; errno=file type does not support deadlinecrypto/cipher: input not full blocksaccessing a corrupted shared librarylfstack node $findrunnable: wrong ppreempt at unknown pcreleasep: invalid argcheckdead: runnable gruntime: newstack at runtime: newstack sp=runtime: confused by pcHeader.textStart= timer data corruptionNetUserGetLocalGroupsGetProfilesDirectoryWConvertSidToStringSidWConvert$global runq empty with non-zero runqsizemust be able to track idle limiter eventruntime: SyscallN has too many argumentsruntime: typeBitsBulkBarrier without type/memory/classes/metadata/mspan/free:bytesruntime.SetFinalizer: second argument is gcSweep being don
API String ID: 0-2948697866
Opcode ID: 5ad1df3accd63c62ddc719970354acd43c966994d2e35dcb6b3c4a822a51c87d
Instruction ID: 251534ab84d0742a6c6ad8127c609d58474b68eab9ccbd7ef7edb163813d58ed
Opcode Fuzzy Hash: 5ad1df3accd63c62ddc719970354acd43c966994d2e35dcb6b3c4a822a51c87d
Instruction Fuzzy Hash: 8D928A32609BC486EF71DB51E4803EEB3A4F789B90F588126CA8D57B59DF39C885DB40

Function 000970C0 Relevance: 6.5, Strings: 5, Instructions: 298COMMON

Download Yara Rule

Strings

suspendG from non-preemptible goroutineruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function crypto/cipher: output smaller than inputaddress family not supported by protocolinvalid span in heapAren, xrefs: 000975EA
, gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp, xrefs: 00097530
invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:GODEBUG: value "RCodeFormatErrorGetCurrentThreadRtlVirtualUnwindAdjustTokenGroupsIsTokenRestrictedLo, xrefs: 000975D9
, goid= s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocsGODEBUG m->g0= pad1= pad2= text= minpc= value= (scan)types : type avx512finvaliduintptrconsoleos/execruntime#internSetTimerEqualSidCancelIoReadFileSetEventAcc, xrefs: 00097515, 00097597
runtime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr frames elided..., locked to threadruntime.semacreateruntime.semawakeup/Drivers/etc/hostsRCodeServerFailureuse of closed fileImmEnumInputContextGetCurr, xrefs: 000974FA

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: , goid= s=nil (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocsGODEBUG m->g0= pad1= pad2= text= minpc= value= (scan)types : type avx512finvaliduintptrconsoleos/execruntime#internSetTimerEqualSidCancelIoReadFileSetEventAcc$, gp->atomicstatus=marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp$invalid g statuscastogscanstatusbad g transitionschedule: in cgoreflect mismatch untyped locals missing stackmapbad symbol tablenon-Go function not in ranges:GODEBUG: value "RCodeFormatErrorGetCurrentThreadRtlVirtualUnwindAdjustTokenGroupsIsTokenRestrictedLo$runtime: gp: gp=runtime: getg: g=forEachP: not done in async preemptbad manualFreeListruntime: textAddr frames elided..., locked to threadruntime.semacreateruntime.semawakeup/Drivers/etc/hostsRCodeServerFailureuse of closed fileImmEnumInputContextGetCurr$suspendG from non-preemptible goroutineruntime: casfrom_Gscanstatus failed gp=stack growth not allowed in system calltraceback: unexpected SPWRITE function crypto/cipher: output smaller than inputaddress family not supported by protocolinvalid span in heapAren
API String ID: 0-3572918045
Opcode ID: 434ed1bd78c6f86ad265bd54c4ae4644f88c99cb658f77cb01fb1fc3da75ca19
Instruction ID: 3a5868aad675a3c139912b4fc97229403395ca7316ed200581329bb844f2c7a5
Opcode Fuzzy Hash: 434ed1bd78c6f86ad265bd54c4ae4644f88c99cb658f77cb01fb1fc3da75ca19
Instruction Fuzzy Hash: 26D1613721CB80C6DB24DB65E0817AEBB61F38ABD0F548166EE9D03B66CB38C541DB51

Function 0007FD20 Relevance: 6.4, Strings: 5, Instructions: 179COMMON

Download Yara Rule

Strings

pacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuesemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong P, xrefs: 0007FF26
(scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocsGODEBUG m->g0= pad1= pad2= text= minpc= value= (scan)types : type avx512finvaliduintptrconsoleos/execruntime#internSetTimerEqualSidCancelIoReadFileSetEventAcceptExIsWindowW, xrefs: 0007FF45
MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, gp->status= pluginpath= runtime: pid=: unknown pc called from gocacheverifyinstallgoroot, xrefs: 0007FFA5
+]1/=[<{}_MLy: i), M [("")) ) @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=, xrefs: 0007FFC5
-> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp, xrefs: 0007FF85

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: (scan MB in pacer: % CPU ( zombie, j0 = head = panic: nmsys= locks= dying= allocsGODEBUG m->g0= pad1= pad2= text= minpc= value= (scan)types : type avx512finvaliduintptrconsoleos/execruntime#internSetTimerEqualSidCancelIoReadFileSetEventAcceptExIsWindowW$ MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase}sched={pc:, gp->status= pluginpath= runtime: pid=: unknown pc called from gocacheverifyinstallgoroot$+]1/=[<{}_MLy: i), M [("")) ) @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=$-> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp$pacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuesemaRoot rotateRightreflect.makeFuncStubdodeltimer0: wrong P
API String ID: 0-303003880
Opcode ID: 9189574ca4b928e4d27b03f555d64e68c3b48ff2dc3ff198a3f50d46ab942c6b
Instruction ID: 82977e8f91a28c124076ab5eb8e1ca70af31a532c9fb5b49f3559a981d361046
Opcode Fuzzy Hash: 9189574ca4b928e4d27b03f555d64e68c3b48ff2dc3ff198a3f50d46ab942c6b
Instruction Fuzzy Hash: 41719132918B9489D651EF25E4403AEB7A8FB8AB80F44D335EA8D67726CF38C491C754

Function 0006B320 Relevance: 6.3, Strings: 5, Instructions: 80COMMON

Download Yara Rule

Strings

packed=BAD RANK status unknown(trigger= npages= nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes wsaioctlavx512bwavx512vlgo/typesnet/httpgo/buildx509sha1ClassANYQuestionntdll.dllImm32.dllole32.dllpsapi.dllwinmm.dl, xrefs: 0006B3E5
lfstack.push span.limit= span.state=bad flushGen MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcProces, xrefs: 0006B42F
cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:filesclosesse41sse42ssse3int16int32int64uint8arraysliceGreekGetACPlistensendtosocketstringsysmontimersefenceselect, not object next= jobs= goid sweep B -> % util alloc f, xrefs: 0006B3C5
-> node= ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)tracebac, xrefs: 0006B405
runtime: lfstack.push invalid packing: node=out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark p, xrefs: 0006B3A5

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: -> node= ms cpu, (forced) wbuf1.n= wbuf2.n= s.limit= s.state= B work ( B exp.) marked unmarked in use), size = bad prune, tail = recover: not in [ctxt != 0, oldval=, newval= threads=: status= blocked= lockedg=atomicor8 runtime= m->curg=(unknown)tracebac$ cnt=gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:filesclosesse41sse42ssse3int16int32int64uint8arraysliceGreekGetACPlistensendtosocketstringsysmontimersefenceselect, not object next= jobs= goid sweep B -> % util alloc f$ packed=BAD RANK status unknown(trigger= npages= nalloc= nfreed=[signal newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes wsaioctlavx512bwavx512vlgo/typesnet/httpgo/buildx509sha1ClassANYQuestionntdll.dllImm32.dllole32.dllpsapi.dllwinmm.dl$lfstack.push span.limit= span.state=bad flushGen MB stacks, worker mode nDataRoots= nSpanRoots= wbuf1=<nil> wbuf2=<nil> gcscandone runtime: gp= found at *( s.elemsize= B (goal , cons/mark maxTrigger= pages/byte s.sweepgen= allocCount end tracegcProces$runtime: lfstack.push invalid packing: node=out of memory allocating heap arena metadata/cpu/classes/scavenge/background:cpu-secondsruntime: unexpected metric registration for gcmarknewobject called while doing checkmarkactive sweepers found at start of mark p
API String ID: 0-2297701913
Opcode ID: af92a64c9f6d4d9c7d16bfea1fbe1651a9243a1dd138ea718c56c4f0b062d045
Instruction ID: a6bbcf57bc5db0ea597f051e69f46368a349b6baf4095ae0d2248bfcaf1d6f35
Opcode Fuzzy Hash: af92a64c9f6d4d9c7d16bfea1fbe1651a9243a1dd138ea718c56c4f0b062d045
Instruction Fuzzy Hash: 22216B32214B84C6DA00EF20E8813EDB768F78EB80F489521EA9C87B67DF38C5949751

Function 00078D00 Relevance: 5.3, Strings: 4, Instructions: 334COMMON

Download Yara Rule

Strings

runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64, xrefs: 0007923B
flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nan, xrefs: 00079256
p mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuesemaRoot rotateRight, xrefs: 00079298
!= sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase, xrefs: 00079271

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: != sweepgen MB globals, work.nproc= work.nwait= nStackRoots= flushedWork double unlock s.spanclass= MB) workers=min too large-byte block (runtime: val=runtime: seq=fatal error: idlethreads= syscalltick=load64 failedxadd64 failedxchg64 failednil stackbase$ flushGen MB goal, s.state = s.base()= heapGoal=GOMEMLIMIT KiB now, pages at sweepgen= sweepgen , bound = , limit = tracefree(tracegc()exitThreadBad varintGC forced runqueue= stopwait= runqsize= gfreecnt= throwing= spinning=atomicand8float64nanfloat32nan$p mcache not flushed markroot jobs donepacer: assist ratio=workbuf is not emptybad use of bucket.mpbad use of bucket.bpruntime: double waitws2_32.dll not foundpreempt off reason: forcegc: phase errorgopark: bad g statusgo of nil func valuesemaRoot rotateRight$runtime: p ms clock, nBSSRoots=runtime: P exp.) for minTrigger=GOMEMLIMIT=bad m value, elemsize= freeindex= span.list=, npages = tracealloc( p->status= in status idleprocs= gcwaiting= schedtick= timerslen= mallocing=bad timedivfloat64nan1float64nan2float64
API String ID: 0-4177187854
Opcode ID: 03f7cd8119889657a40ea6c8f7ef859067656a4ab0510e26568b06c3934f614b
Instruction ID: 5a3816e0d11b17f4c48f1ca02bf741c2a7daae6b09f2afffb7c188cefab9d2ca
Opcode Fuzzy Hash: 03f7cd8119889657a40ea6c8f7ef859067656a4ab0510e26568b06c3934f614b
Instruction Fuzzy Hash: CFE1B132608B8086DB60DF60F4843AEB765F786B90F44C226EA9D43BA6DF7DC485C740

Function 00063040 Relevance: 5.3, Strings: 4, Instructions: 294COMMON

Download Yara Rule

Strings

2-by, xrefs: 00063066
te k, xrefs: 00063075
expa, xrefs: 00063048
nd 3, xrefs: 00063057

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: 2-by$expa$nd 3$te k
API String ID: 0-3581043453
Opcode ID: 1bfd12aae4992293bcfa08a0d04c9c5b66133943839401843ebfc1f57da5db55
Instruction ID: 0ae0e148d8b613ad563f9c25d27b1e5d2f0539bcea7f1b40191dd0e455b10af3
Opcode Fuzzy Hash: 1bfd12aae4992293bcfa08a0d04c9c5b66133943839401843ebfc1f57da5db55
Instruction Fuzzy Hash: C3B1B066F25FD94AF323A63810036B7EB185FFB9C9A40E327FC9474A87D72095036254

Function 0009ACA0 Relevance: 5.3, Strings: 4, Instructions: 266COMMON

Download Yara Rule

Strings

casgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangefaa2375edd5eade9607c79ab4660cbb1CertAddCertificateContextToStoreCertVerify, xrefs: 0009B0AF
runtime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid , xrefs: 0009B067
casgstatus: waiting for Gwaiting but is Grunnableruntime: unable to acquire - semaphore out of syncmallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCall, xrefs: 0009B01B
newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes wsaioctlavx512bwavx512vlgo/typesnet/httpgo/buildx509sha1ClassANYQuestionntdll.dllImm32.dllole32.dllpsapi.dllwinmm.dllFindCloseLocalFreeMoveFileWPurgeCommSetupCommWriteFileWSASendToprofBloc, xrefs: 0009B085

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: newval= mcount= bytes, stack=[ minLC= maxpc= stack=[ minutes etypes wsaioctlavx512bwavx512vlgo/typesnet/httpgo/buildx509sha1ClassANYQuestionntdll.dllImm32.dllole32.dllpsapi.dllwinmm.dllFindCloseLocalFreeMoveFileWPurgeCommSetupCommWriteFileWSASendToprofBloc$casgstatus: bad incoming valuesresetspinning: not a spinning mentersyscallblock inconsistent runtime: split stack overflow: ...additional frames elided...unsafe.String: len out of rangefaa2375edd5eade9607c79ab4660cbb1CertAddCertificateContextToStoreCertVerify$casgstatus: waiting for Gwaiting but is Grunnableruntime: unable to acquire - semaphore out of syncmallocgc called with gcphase == _GCmarkterminationrecursive call during initialization - linker skewattempt to execute system stack code on user stackcompileCall$runtime: casgstatus: oldval=gcstopm: negative nmspinningfindrunnable: netpoll with psave on system g not allowednewproc1: newg missing stacknewproc1: new g is not GdeadFixedStack is not power-of-2missing stack in shrinkstack args stack map entries for invalid
API String ID: 0-334245130
Opcode ID: 7e7523a9c097134b13462cd6f7b5e416f1ea576a23ad159ecbd59e836cd6d070
Instruction ID: eaa2a07caded0c91f0c4f6a267b08ce7b2a26a66eb8d312430ab7d7828090a27
Opcode Fuzzy Hash: 7e7523a9c097134b13462cd6f7b5e416f1ea576a23ad159ecbd59e836cd6d070
Instruction Fuzzy Hash: B9B1B136705B80C6DB14DB25E4853AEBB61F34BB90F548226EE9C43B66CF3AC492D741

Function 00097900 Relevance: 5.2, Strings: 4, Instructions: 221COMMON

Download Yara Rule

Strings

bad restart PC-thread limitstopm spinning nmidlelocked= needspinning=randinit twicestore64 failedsemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module dataruntime: seq1=runtime: goid= in goroutine unsafe.Pointermime/mul, xrefs: 00097BB3
runtime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=unknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff multipartmaxpartsRegLoadMUIStringWCM_MapCrToWin32ErrCloseServiceHandleCreateWellKnownSidGe, xrefs: 00097AC5
runtime., xrefs: 00097A92
reflect., xrefs: 00097AEC

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: bad restart PC-thread limitstopm spinning nmidlelocked= needspinning=randinit twicestore64 failedsemaRoot queuebad allocCountbad span statestack overflow untyped args out of range no module dataruntime: seq1=runtime: goid= in goroutine unsafe.Pointermime/mul$reflect.$runtime.$runtime/internal/thread exhaustionlocked m0 woke upentersyscallblock spinningthreads=unknown caller pcstack: frame={sp:runtime: nameOff runtime: typeOff runtime: textOff multipartmaxpartsRegLoadMUIStringWCM_MapCrToWin32ErrCloseServiceHandleCreateWellKnownSidGe
API String ID: 0-1222596509
Opcode ID: b7a32715680aac5d4347dabd34d9300cb2dea12ed9dcc76ff3d6c87feb3e9781
Instruction ID: 6606de67e2ef3a5cdee9160575b8ecd84a948dc01c8cea488d28abc59c09558f
Opcode Fuzzy Hash: b7a32715680aac5d4347dabd34d9300cb2dea12ed9dcc76ff3d6c87feb3e9781
Instruction Fuzzy Hash: 6371D033728A4086DF64CB20E0803AEB3A2F789B94F588535EF9D57745DB38D981E700

Function 0007F360 Relevance: 5.2, Strings: 4, Instructions: 177COMMON

Download Yara Rule

Strings

runtime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)semacquire not on the G stac, xrefs: 0007F527
greyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did n, xrefs: 0007F5EF
marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp.parampanic during , xrefs: 0007F5DE
+]1/=[<{}_MLy: i), M [("")) ) @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=, xrefs: 0007F565

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: +]1/=[<{}_MLy: i), M [("")) ) @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=$greyobject: obj not pointer-alignedmismatched begin/end of activeSweepmheap.freeSpanLocked - invalid freeattempt to clear non-empty span setruntime: close polldesc w/o unblockfindrunnable: netpoll with spinningpidleput: P has non-empty run queuetraceback did n$marking free object KiB work (eager), [controller reset]mspan.sweep: state=sysMemStat overflowbad sequence numberntdll.dll not foundwinmm.dll not foundruntime: g0 stack [panic during mallocpanic holding locksmissing deferreturnunexpected gp.parampanic during $runtime: marking free object addspecial on invalid pointerruntime: summary max pages = runtime: levelShift[level] = doRecordGoroutineProfile gp1=timeBegin/EndPeriod not foundruntime: sudog with non-nil cgfput: bad status (not Gdead)semacquire not on the G stac
API String ID: 0-3934792834
Opcode ID: 08377912b86303e8ac9e57a67d7966ccb4961e5da47b38a8f98771e24e22b093
Instruction ID: 65c46a595f52b479ac4eb2a685cbbcea4bb87db1167aed5e81c1d8f4f95275b4
Opcode Fuzzy Hash: 08377912b86303e8ac9e57a67d7966ccb4961e5da47b38a8f98771e24e22b093
Instruction Fuzzy Hash: 7F61F172A04B8186DB109F11E4413ADBBB4F74ABD0F849126EF9D07BA6CB7CC694C744

Function 000B9C00 Relevance: 4.2, Strings: 3, Instructions: 451COMMON

Download Yara Rule

Strings

...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=icmpigmpfilepipeermssse3avx2bmi1bmi2boolint8uintchanfuncntohsCall, xrefs: 000BA097
) @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at , xrefs: 000BA0ED
non-Go function at pc=RtlLookupFunctionEntryRegisterRawInputDevicesCreateAcceleratorTableWGetSidSubAuthorityCountQueryServiceLockStatusWRegNotifyChangeKeyValueSetKernelObjectSecurityCertGetCertificateChainDeleteVolumeMountPointWFreeEnvironmentStringsWGetActive, xrefs: 000BA3BB

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: ) @s -> Pn=][}]> +"LlLtLuMnnilfinptrobjgc %: gp *(in n= ) - NaN P m= MPC= < end > ...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at $...]:???pc= Gcgodnstcpudpadxaesshaavxfmaintmapnetbindtrueallgallprootitabsbrkidledead is LEAFbase of ) = <==GOGC] = pc=+Inf-Inf: p=cas1cas2cas3cas4cas5cas6 at m= sp= sp: lr: fp= gp= mp=) m=icmpigmpfilepipeermssse3avx2bmi1bmi2boolint8uintchanfuncntohsCall$non-Go function at pc=RtlLookupFunctionEntryRegisterRawInputDevicesCreateAcceleratorTableWGetSidSubAuthorityCountQueryServiceLockStatusWRegNotifyChangeKeyValueSetKernelObjectSecurityCertGetCertificateChainDeleteVolumeMountPointWFreeEnvironmentStringsWGetActive
API String ID: 0-955204032
Opcode ID: 837fa49853f02ee945f66b1db7cf6fc4a8748b5c4383304d00f751477b2565f1
Instruction ID: 8ea816d0431ec2f11fd8b6bb74135c3b452a01b389e7f78397f798890d22915d
Opcode Fuzzy Hash: 837fa49853f02ee945f66b1db7cf6fc4a8748b5c4383304d00f751477b2565f1
Instruction Fuzzy Hash: FD222732219BC086DB709B25E4943EEB7A4F78AB80F545125EBCD47B6ACF79C584CB01

Function 0009B600 Relevance: 4.0, Strings: 3, Instructions: 245COMMON

Download Yara Rule

Strings

stopTheWorld: not stopped (status != _Pgcstop)signal arrived during external code executioncompileCallback: float arguments not supportedruntime: name offset base pointer out of rangeruntime: type offset base pointer out of rangeruntime: text offset base poin, xrefs: 0009B99B
stopTheWorld: not stopped (stopwait != 0)strconv: illegal AppendInt/FormatInt basepersistentalloc: align is not a power of 2out of memory allocating checkmarks bitmap/cpu/classes/gc/mark/dedicated:cpu-seconds/memory/classes/metadata/mcache/free:bytes/memory/cl, xrefs: 0009B920
stopTheWorld: holding locksgcstopm: not waiting for gcinternal lockOSThread errorruntime: checkdead: nmidle=runtime: checkdead: find g runlock of unlocked rwmutexsigsend: inconsistent statemakeslice: len out of rangemakeslice: cap out of rangegrowslice: len ou, xrefs: 0009B9E5

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: stopTheWorld: holding locksgcstopm: not waiting for gcinternal lockOSThread errorruntime: checkdead: nmidle=runtime: checkdead: find g runlock of unlocked rwmutexsigsend: inconsistent statemakeslice: len out of rangemakeslice: cap out of rangegrowslice: len ou$stopTheWorld: not stopped (status != _Pgcstop)signal arrived during external code executioncompileCallback: float arguments not supportedruntime: name offset base pointer out of rangeruntime: type offset base pointer out of rangeruntime: text offset base poin$stopTheWorld: not stopped (stopwait != 0)strconv: illegal AppendInt/FormatInt basepersistentalloc: align is not a power of 2out of memory allocating checkmarks bitmap/cpu/classes/gc/mark/dedicated:cpu-seconds/memory/classes/metadata/mcache/free:bytes/memory/cl
API String ID: 0-3630176550
Opcode ID: 713f239655b1ea949e60f5723686747d40b6f4ef38b01857a869c732196a4351
Instruction ID: c9bff592ca52681bf078e866fed0adf6ec68f2a0ab200162d4ec2f52df64014c
Opcode Fuzzy Hash: 713f239655b1ea949e60f5723686747d40b6f4ef38b01857a869c732196a4351
Instruction Fuzzy Hash: DAA1A032219B8086DB64DF21F5803AEB7A5F38ABA0F588126DE9D537A6DF3DC445D700

Function 000001467404F1A8 Relevance: 1.8, APIs: 1, Instructions: 304COMMONLIBRARYCODE

Download Yara Rule

APIs

_initp_misc_winsig.LIBCMT ref: 000001467404F1DC

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _initp_misc_winsig
String ID:
API String ID: 2710132595-0
Opcode ID: c8c90554330dcabd03fa81e8dd660722591610607187a6cda5de2b4df199049a
Instruction ID: 88afd0836e2ad20356783cd743152066dc6884a535b1362797df419b434e2799
Opcode Fuzzy Hash: c8c90554330dcabd03fa81e8dd660722591610607187a6cda5de2b4df199049a
Instruction Fuzzy Hash: 51A1CE71619A09CFEF54FF75E898AAA37B2F764301721893A904AC3174DA7CD585CF40

Function 000AAD20 Relevance: 1.7, Strings: 1, Instructions: 441COMMON

Download Yara Rule

Strings

!"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC, xrefs: 000AAE2D, 000AAF36, 000AB077, 000AB19F

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: !"#$%%&&''((()))*++,,,,,------....//////0001123333333333444444444455666677777888888888889999999999::::::;;;;;;;;;;;;;;;;<<<<<<<<<<<<<<<<=====>>>>>>>>>>>??????????@@@@@@@@@@@@@@@@@@@@@@AAAAAAAAAAAAAAAAAAAAABBBBBBBBBBBCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
API String ID: 0-2911004680
Opcode ID: f1a2c6ce181677595d58bd7d17e3c83520557f899f132b5de162b50608f3db87
Instruction ID: e9d290d595e6ae4fe467163d1b3ad496257bd0adccfd6a7a6b258979a524333b
Opcode Fuzzy Hash: f1a2c6ce181677595d58bd7d17e3c83520557f899f132b5de162b50608f3db87
Instruction Fuzzy Hash: 0BF10472715A8086DB10DBA1E8047EEB766F346BD1FC94126EA9F47786CBBCC981D301

Function 0008DC00 Relevance: 1.5, Strings: 1, Instructions: 266COMMON

Download Yara Rule

Strings

runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinnin, xrefs: 0008DFA5

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: runtime: cannot allocate memorycheckmark found unmarked objectruntime: failed to commit pages/memory/classes/heap/free:bytes/memory/classes/os-stacks:bytespacer: sweep done at heap size non in-use span in unswept listcasgstatus: bad incoming valuesresetspinnin
API String ID: 0-429552053
Opcode ID: 4fead73db7c2fd06ab04fff5ec5541ac52a2135b99e48b4f288699ab3801faec
Instruction ID: c3014c08bb55689ecea99acf47d9824bbfa5968cf64323c23a81f354849c12fc
Opcode Fuzzy Hash: 4fead73db7c2fd06ab04fff5ec5541ac52a2135b99e48b4f288699ab3801faec
Instruction Fuzzy Hash: 02A16C76618B9482CA60EF12E44066EB7A5F399BD0F545223EFCD57B69CF38C891CB40

Function 00073A20 Relevance: 1.5, Strings: 1, Instructions: 255COMMON

Download Yara Rule

Strings

bulkBarrierPreWrite: unaligned argumentsrefill of span with free space remaining/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs, xrefs: 00073DC7

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: bulkBarrierPreWrite: unaligned argumentsrefill of span with free space remaining/cpu/classes/scavenge/assist:cpu-secondsruntime.SetFinalizer: first argument is failed to acquire lock to reset capacitymarkWorkerStop: unknown mark worker modecannot free workbufs
API String ID: 0-866072839
Opcode ID: c511116005e24f0d6d03b0e39e26f168a634c75d2605641b870d4f9f1b6f0a65
Instruction ID: 3fb4a70f3405bc4e8b19bef88dcd7aa54e628e84f0cc9d345cf7b54ae4796055
Opcode Fuzzy Hash: c511116005e24f0d6d03b0e39e26f168a634c75d2605641b870d4f9f1b6f0a65
Instruction Fuzzy Hash: 4091B2B6B09A9482EB608B16E44039EA7A5F389FC0F58D126EF8C57B19DF3CC591D704

Function 0008CDE0 Relevance: 1.4, Strings: 1, Instructions: 189COMMON

Download Yara Rule

Strings

bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod, xrefs: 0008D0A7

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: bad summary dataruntime: addr = runtime: base = runtime: head = timeBeginPeriod
API String ID: 0-2099802129
Opcode ID: aa8734c99936b1f548741b7eac49658af94e74995c989596c5a6e3f78e6c74c3
Instruction ID: ed5618bdd34c472ef4ba05811c1aecef88fd2efa21bcd97207badc4bbb808861
Opcode Fuzzy Hash: aa8734c99936b1f548741b7eac49658af94e74995c989596c5a6e3f78e6c74c3
Instruction Fuzzy Hash: 8661DFB6710B8882DB00AB55E44039E7765F78ABD0F849226EF9D53B9ACB7CC585C740

Function 000793C0 Relevance: 1.4, Strings: 1, Instructions: 180COMMON

Download Yara Rule

Strings

gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:filesclosesse41sse42ssse3int16int32int64uint8arraysliceGreekGetACPlistensendtosocketstringsysmontimersefenceselect, not object next= jobs= goid sweep B -> % util alloc free , xrefs: 00079594

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: gcing MB, got= ... max=scav ptr ] = (usageinit ms, fault and tab= top=[...], fp:filesclosesse41sse42ssse3int16int32int64uint8arraysliceGreekGetACPlistensendtosocketstringsysmontimersefenceselect, not object next= jobs= goid sweep B -> % util alloc free
API String ID: 0-3855658118
Opcode ID: 4450f97a7e93900e7c87282b45522a0f7de58f8177b1c7ffba59d3126c6037e1
Instruction ID: 4b3a9aa24ef6b0e864b41f686c0d280763ae8f9ed8c30365e6a1fd085fda75e9
Opcode Fuzzy Hash: 4450f97a7e93900e7c87282b45522a0f7de58f8177b1c7ffba59d3126c6037e1
Instruction Fuzzy Hash: 17818F32608B80C6E710DF61F8853AA77A4F78A790F518236EA9D437A6DF7DC085C744

Function 0007FAA0 Relevance: 1.3, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackcannot send after transport endpoint shu, xrefs: 0007FB90

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID: gcmarknewobject called while doing checkmarkactive sweepers found at start of mark phaseno P available, write barriers are forbiddencompileCallback: float results not supportedcannot trace user goroutine on its own stackcannot send after transport endpoint shu
API String ID: 0-656962341
Opcode ID: 7c2e61a62e90ead759f417bbe1f1399d545bfdc3c11705be5c66fe3e8241a002
Instruction ID: 5b750a1f718dc4c6d098811ccb474a2288245a22cfd9a445f67578bdbaa72928
Opcode Fuzzy Hash: 7c2e61a62e90ead759f417bbe1f1399d545bfdc3c11705be5c66fe3e8241a002
Instruction Fuzzy Hash: E021D0F3B02A8542DF049F15D4903E86762E35AFD8F4AA075CF4D17756CA6CC596C304

Function 0007D0E0 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 231abd5b1abf549545fd7a0b25304d968281e504c9ca99c7b2de315712dc9ab5
Instruction ID: 710eae595e28f3f5ff79f50b85eabce72470f0f4211bcfc62233c74f67c2719d
Opcode Fuzzy Hash: 231abd5b1abf549545fd7a0b25304d968281e504c9ca99c7b2de315712dc9ab5
Instruction Fuzzy Hash: B3B1F072A09B8086DB55CB25E0443BAB7B1FB86B94F18C236DA8E13795CF3DD082C704

Function 0009F560 Relevance: .3, Instructions: 260COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2e6f66b8894ef14a49ffb9dc839a8c779d0dcc0ef32ef705d788eaf74a421ad
Instruction ID: 91803e50dcf1ac447fbf883f160ba8fef464b77428a166c8db6c7d43dfdea1a4
Opcode Fuzzy Hash: c2e6f66b8894ef14a49ffb9dc839a8c779d0dcc0ef32ef705d788eaf74a421ad
Instruction Fuzzy Hash: 2D91D77771969286DB64CB66A450BBEBBA1F389BC4F485035EE8D87F15CB38C8409B40

Function 000C2109 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2c5485a5182c1944c21839c6f6f924e7122d3e6bc8d53abbbe7bff05db59c1e
Instruction ID: 57fb2d77a802a3749bd60370143b8a466993d2add94152f786ae03fb6d9575e6
Opcode Fuzzy Hash: d2c5485a5182c1944c21839c6f6f924e7122d3e6bc8d53abbbe7bff05db59c1e
Instruction Fuzzy Hash: 7AB10C16D18FCA60E61357789403B762B14AFF36D4F01D73ABEC2F1A63D7166900B922

Function 0008A580 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45fe04ac07d9e4df590570a8f83cb0d84bda1080bc505db192f511de2bdc66ac
Instruction ID: 2e7a3febf4b218c2a754fe06130a41b947e88f3bd34dedc7a7ac3d633afc9583
Opcode Fuzzy Hash: 45fe04ac07d9e4df590570a8f83cb0d84bda1080bc505db192f511de2bdc66ac
Instruction Fuzzy Hash: BBA14877618B8482DB109B15E48029EB7A1F78ABD4F545226EFDD13BAACF7CD151CB00

Function 0008BA00 Relevance: .2, Instructions: 219COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b80b28e9f0368e08475e51977a5840c692297971d3256ae9aafaafb66b7952be
Instruction ID: 0266cd10291bf81d3512514b44e10882c77516126cc7a62fcfe00f49f7d5d6ef
Opcode Fuzzy Hash: b80b28e9f0368e08475e51977a5840c692297971d3256ae9aafaafb66b7952be
Instruction Fuzzy Hash: C3819B73618B8482DB109B55E4803AEB762F79ABC0F489126EFDD17B5ACF78D181CB40

Function 00069620 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f488600136c30bdb9e6407a377e024698c2b32c5728983f7a6a5d23af27e9101
Instruction ID: 85fff042a007456958df7bd5d86549e7038f7b5e41aa03a248cf9c2634fb88ad
Opcode Fuzzy Hash: f488600136c30bdb9e6407a377e024698c2b32c5728983f7a6a5d23af27e9101
Instruction Fuzzy Hash: 5F4107A6705B9581AE448F6385240BEA366E74AFD4399E233DF2E77F68C63CD502C344

Function 000AF260 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e5af0a2f3b6844756f0d1c8680e8b3ded4aae67bf0e5ee0d4f3ac3d648ab834
Instruction ID: 3f2c11c93fb548bdee0a5703c6d763baae3c83395ff5fd4da72d5963c3c7db50
Opcode Fuzzy Hash: 5e5af0a2f3b6844756f0d1c8680e8b3ded4aae67bf0e5ee0d4f3ac3d648ab834
Instruction Fuzzy Hash: F9411623B81A468ACF509AF4E4513FA12CAD386774FCC8B74DF2D473C2E62C86E59610

Function 000859A0 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db07a7d2611b326d525d858ed4c12227397dc1636f7d76847f2df12b352b3f3a
Instruction ID: be972ed80f1d29fc0db06442140e2915760ce4061cdb73362174da4572ceb2f5
Opcode Fuzzy Hash: db07a7d2611b326d525d858ed4c12227397dc1636f7d76847f2df12b352b3f3a
Instruction Fuzzy Hash: E251EA72609F80C5DE15DB35E88436AB3A2F79ABE1F288725DADD13755EF39C0818700

Function 00081600 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64f8b21fe391d83765924226536708be3bc33667ae8a0d166a9778286f2b20a6
Instruction ID: eee1b7acfcfa42222e31bc6db4ad8d7a8f3603f23c3ee56622eae5335ebb25bb
Opcode Fuzzy Hash: 64f8b21fe391d83765924226536708be3bc33667ae8a0d166a9778286f2b20a6
Instruction Fuzzy Hash: 8D3118B2A0FE4446DD07F73A54613B4921F7F97BE4F68C72258BB661E9EB1A80538300

Function 0008E980 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d559122a1f6f0b69832be9421c7c214fb777efde5fa0d191de61b1ee1601c01b
Instruction ID: 2b5056069c195a9c02033e5544c028bbbe706c513335ee9c067e1ddcf68f6c42
Opcode Fuzzy Hash: d559122a1f6f0b69832be9421c7c214fb777efde5fa0d191de61b1ee1601c01b
Instruction Fuzzy Hash: EA3105B6711BC846DA88CB229A243C963AAF798FC0F19D1759F4C93718EB38E550C340

Function 0006D9A0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7cf438167e42270682a8e646ac5fa7a6bde7d680dcbd58cfeef0e2c9530ccb5
Instruction ID: 9bb5485c216e0460df69850127d29470b1756f25508d65bbfa33a1b8e1b8d3d1
Opcode Fuzzy Hash: a7cf438167e42270682a8e646ac5fa7a6bde7d680dcbd58cfeef0e2c9530ccb5
Instruction Fuzzy Hash: 96112EF2E35F440ADA47D73A5551351820B5FD6BD0F28D323AC1BB6796E72890D38100

Function 000C4E60 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2887199747.0000000000061000.00000020.00000001.01000000.00000003.sdmp, Offset: 00060000, based on PE: true

Associated: 00000000.00000002.2887152119.0000000000060000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887263727.00000000000E4000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887369127.00000000001D5000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887391309.00000000001D7000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001D8000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.00000000001FE000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.0000000000204000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887412919.000000000026C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887506650.0000000000270000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887528746.0000000000275000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2887550514.0000000000276000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_60000_1x6jzcZeRu.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d62c5fd17778f817de740871a6899372cd913a18dfe35a0517ef0f8af829fcf2
Instruction ID: 43d47fa53f2d26443e53e59bcfad78de5424883c0df946a69173387582659008
Opcode Fuzzy Hash: d62c5fd17778f817de740871a6899372cd913a18dfe35a0517ef0f8af829fcf2
Instruction Fuzzy Hash: 79C02BF0907BC518FB30C304750035C39C1BF583C0E92C088D28841214D72C82806244

Function 0000014674055E1C Relevance: 16.6, APIs: 11, Instructions: 108COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 0000014674055E4E

Part of subcall function 0000014674050D18: _getptd_noexit.LIBCMT ref: 0000014674050D1C

__doserrno.LIBCMT ref: 0000014674055E45

Part of subcall function 0000014674050CA8: _getptd_noexit.LIBCMT ref: 0000014674050CAC

__doserrno.LIBCMT ref: 0000014674055EAB
_errno.LIBCMT ref: 0000014674055EB2
_invalid_parameter_noinfo.LIBCMT ref: 0000014674055F16

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: __doserrno_errno_getptd_noexit$_invalid_parameter_noinfo
String ID:
API String ID: 388111225-0
Opcode ID: f569b21a01fad2a92039226acf8a97d91cb16fac7f3924a9cc2c8e1a455bf938
Instruction ID: 28ca1f3a5dd70b23238132cc2b24b8cf3f3984db4912259cd484c61af2669801
Opcode Fuzzy Hash: f569b21a01fad2a92039226acf8a97d91cb16fac7f3924a9cc2c8e1a455bf938
Instruction Fuzzy Hash: C931CA302147088FE359AF68984ABEDB690EB4332DF560679F456872F7E6749881C353

Function 0000014674056C08 Relevance: 15.1, APIs: 10, Instructions: 93COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 0000014674056C33

Part of subcall function 0000014674050D18: _getptd_noexit.LIBCMT ref: 0000014674050D1C

__doserrno.LIBCMT ref: 0000014674056C2B

Part of subcall function 0000014674050CA8: _getptd_noexit.LIBCMT ref: 0000014674050CAC

__lock_fhandle.LIBCMT ref: 0000014674056C77
_lseeki64_nolock.LIBCMT ref: 0000014674056C90
_unlock_fhandle.LIBCMT ref: 0000014674056CB3

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseeki64_nolock_unlock_fhandle
String ID:
API String ID: 2644381645-0
Opcode ID: 1a0056bbafc3a7faafb75a0a5683c60387dc6450d26c6e1c9b28f7a797692c5c
Instruction ID: c1181d7a73125f3d97c3751e5c77cd5f9b434e8a952031e2fd483252d999e8b4
Opcode Fuzzy Hash: 1a0056bbafc3a7faafb75a0a5683c60387dc6450d26c6e1c9b28f7a797692c5c
Instruction Fuzzy Hash: AD21F9306286044FF355AB58D84ABFDFAE0EB4732FF550679E05A871F3DA645881C2A3

Function 0000014674056A90 Relevance: 15.1, APIs: 10, Instructions: 88COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 0000014674056ABB

Part of subcall function 0000014674050D18: _getptd_noexit.LIBCMT ref: 0000014674050D1C

__doserrno.LIBCMT ref: 0000014674056AB3

Part of subcall function 0000014674050CA8: _getptd_noexit.LIBCMT ref: 0000014674050CAC

__lock_fhandle.LIBCMT ref: 0000014674056AFF
_lseek_nolock.LIBCMT ref: 0000014674056B18
_unlock_fhandle.LIBCMT ref: 0000014674056B39

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_lseek_nolock_unlock_fhandle
String ID:
API String ID: 1078912150-0
Opcode ID: af586274eb7c0247a5ed565ce490a43ddd2b1adc4c580e4a875ff27a69eb19f0
Instruction ID: a9ba0e5012b946102c2667c635860d07eb3001f2fb92ef4ff579845136d4eecc
Opcode Fuzzy Hash: af586274eb7c0247a5ed565ce490a43ddd2b1adc4c580e4a875ff27a69eb19f0
Instruction Fuzzy Hash: 6A21F7316086044FF714AB58D84ABFDB6D1EB8332EF150679E05A872F3EA6458C1C2A7

Function 0000014674055434 Relevance: 13.6, APIs: 9, Instructions: 89COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 000001467405545F

Part of subcall function 0000014674050D18: _getptd_noexit.LIBCMT ref: 0000014674050D1C

__doserrno.LIBCMT ref: 0000014674055457

Part of subcall function 0000014674050CA8: _getptd_noexit.LIBCMT ref: 0000014674050CAC

__lock_fhandle.LIBCMT ref: 00000146740554A3
_unlock_fhandle.LIBCMT ref: 00000146740554DD

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_errno_unlock_fhandle
String ID:
API String ID: 2464146582-0
Opcode ID: c89056d156aae0bb9c491ae48c02d203d405bbf82af9f534bcd04b22b5544d86
Instruction ID: af123237c7c1f3214bc0ef20fa2795ac0f527a60d30d51dc41b69999b208ffa3
Opcode Fuzzy Hash: c89056d156aae0bb9c491ae48c02d203d405bbf82af9f534bcd04b22b5544d86
Instruction Fuzzy Hash: 4921F4306086044FF359AB18D89ABFCB6D0EB8332FF16026DF056872F7D6645881C6A3

Function 0000014674054C58 Relevance: 13.6, APIs: 9, Instructions: 71COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 0000014674054C79

Part of subcall function 0000014674050D18: _getptd_noexit.LIBCMT ref: 0000014674050D1C

__doserrno.LIBCMT ref: 0000014674054C71

Part of subcall function 0000014674050CA8: _getptd_noexit.LIBCMT ref: 0000014674050CAC

__lock_fhandle.LIBCMT ref: 0000014674054CBD
_close_nolock.LIBCMT ref: 0000014674054CD0
_unlock_fhandle.LIBCMT ref: 0000014674054CE9

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno__lock_fhandle_close_nolock_errno_unlock_fhandle
String ID:
API String ID: 2140805544-0
Opcode ID: d63a0d9a057a00514656f61d256491cfcc4309f98023220473e92bade8306c33
Instruction ID: 56109021a44071311ade7222d05c987a2bb71c4f8d0ba7e65d9953079b6b0757
Opcode Fuzzy Hash: d63a0d9a057a00514656f61d256491cfcc4309f98023220473e92bade8306c33
Instruction Fuzzy Hash: 1921F631155A049EF355AB648849BECBAA0EB8332EF210638E416871F3D6745880C363

Function 000001467404EF6C Relevance: 12.6, APIs: 10, Instructions: 116COMMONLIBRARYCODE

Download Yara Rule

APIs

free.LIBCMT ref: 000001467404EF9A

Part of subcall function 000001467404E244: _errno.LIBCMT ref: 000001467404E264

free.LIBCMT ref: 000001467404EFAF
free.LIBCMT ref: 000001467404EFD0
free.LIBCMT ref: 000001467404EFE5
free.LIBCMT ref: 000001467404EFF9
free.LIBCMT ref: 000001467404F005
free.LIBCMT ref: 000001467404F030
free.LIBCMT ref: 000001467404F051
free.LIBCMT ref: 000001467404F06A
free.LIBCMT ref: 000001467404F09B

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: free$_errno
String ID:
API String ID: 2288870239-0
Opcode ID: f2c387d57ff385ba375dc00a6173171a26f2c39e06d74853e0125178de0f68c4
Instruction ID: 44283c82d26550e2b5491e8df42214159971f1d9d4d8d2b676023b62ad79cde7
Opcode Fuzzy Hash: f2c387d57ff385ba375dc00a6173171a26f2c39e06d74853e0125178de0f68c4
Instruction Fuzzy Hash: 7D418130264E0A8FFB94EB5CD899BE472D0F76B35EF6440799106C22F3CA2C89458752

Function 000001467403360C Relevance: 11.6, APIs: 9, Instructions: 305COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 00000146740336A9

Part of subcall function 000001467404E284: _FF_MSGBANNER.LIBCMT ref: 000001467404E2B4
Part of subcall function 000001467404E284: _NMSG_WRITE.LIBCMT ref: 000001467404E2BE
Part of subcall function 000001467404E284: RtlAllocateHeap.NTDLL ref: 000001467404E2D9
Part of subcall function 000001467404E284: _callnewh.LIBCMT ref: 000001467404E2F2
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E2FD
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E308

malloc.LIBCMT ref: 00000146740336B3

Part of subcall function 000001467404E284: _callnewh.LIBCMT ref: 000001467404E318
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E31D

malloc.LIBCMT ref: 00000146740336BE
free.LIBCMT ref: 000001467403387E
free.LIBCMT ref: 0000014674033886
free.LIBCMT ref: 000001467403388E

Part of subcall function 00000146740344F0: malloc.LIBCMT ref: 000001467403453A
Part of subcall function 00000146740344F0: malloc.LIBCMT ref: 0000014674034545
Part of subcall function 00000146740344F0: free.LIBCMT ref: 000001467403462C
Part of subcall function 00000146740344F0: free.LIBCMT ref: 0000014674034634

free.LIBCMT ref: 000001467403389A
free.LIBCMT ref: 00000146740338A7
free.LIBCMT ref: 00000146740338B4

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: free$malloc$_errno$_callnewh$AllocateHeap
String ID:
API String ID: 2779598320-0
Opcode ID: 78c5723810e6e6d18fab4a62d391ea0db65c57382cb75ed74f6abc212771b6cb
Instruction ID: be17aca752ae22d3347072fb64fc814bb6d098d715a4cd23c80976943f98df5f
Opcode Fuzzy Hash: 78c5723810e6e6d18fab4a62d391ea0db65c57382cb75ed74f6abc212771b6cb
Instruction Fuzzy Hash: B391DA30318B494BD769AB6C9485BF977D1EB9674DF54027ED88AC32A3DE30DC028687

Function 000001467404EE10 Relevance: 10.6, APIs: 7, Instructions: 107COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 000001467404EE36

Part of subcall function 0000014674050D18: _getptd_noexit.LIBCMT ref: 0000014674050D1C

_invalid_parameter_noinfo.LIBCMT ref: 000001467404EE42
__crtIsPackagedApp.LIBCMT ref: 000001467404EE53
_dosmaperr.LIBCMT ref: 000001467404EE9D

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: Packaged__crt_dosmaperr_errno_getptd_noexit_invalid_parameter_noinfo
String ID:
API String ID: 2917016420-0
Opcode ID: cfbfe809ff06962f400f8854e8dfaca57605153f463412cb5835124c7fa4a529
Instruction ID: 10ebd9f274dae942820c1f9957d90711bfcc71f4fb1df55fb7e376adbe52ca5a
Opcode Fuzzy Hash: cfbfe809ff06962f400f8854e8dfaca57605153f463412cb5835124c7fa4a529
Instruction Fuzzy Hash: 0B31F330614A098FEB44AB2D98097A976D0FB9A31EF14417DA40AC32F3EB38C9408783

Function 000001467405973C Relevance: 10.6, APIs: 7, Instructions: 78COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 0000014674059755

Part of subcall function 0000014674050D18: _getptd_noexit.LIBCMT ref: 0000014674050D1C

__lock_fhandle.LIBCMT ref: 000001467405979D
__doserrno.LIBCMT ref: 00000146740597D2
_errno.LIBCMT ref: 00000146740597D9
_unlock_fhandle.LIBCMT ref: 00000146740597E9

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _errno$__doserrno__lock_fhandle_getptd_noexit_unlock_fhandle
String ID:
API String ID: 4120058822-0
Opcode ID: 9341880fa3ae8ea43da77f4714028596b22b009dd5c4526b8d460d71b2af8a07
Instruction ID: 3e3807947abffe59462a4a70f4463f89371145eaca35c67e94d0adab77aea381
Opcode Fuzzy Hash: 9341880fa3ae8ea43da77f4714028596b22b009dd5c4526b8d460d71b2af8a07
Instruction Fuzzy Hash: 0321F230608A088EE714AF68989DFEDBA90EF4331EF15017DE41A872F3D6645880C763

Function 000001467404FB10 Relevance: 9.3, APIs: 6, Instructions: 257COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 000001467404FB4C

Part of subcall function 0000014674050D18: _getptd_noexit.LIBCMT ref: 0000014674050D1C

_invalid_parameter_noinfo.LIBCMT ref: 000001467404FB57
memcpy_s.LIBCMT ref: 000001467404FC1C
_fileno.LIBCMT ref: 000001467404FC87
_filbuf.LIBCMT ref: 000001467404FCB5
_errno.LIBCMT ref: 000001467404FD05

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _errno$_filbuf_fileno_getptd_noexit_invalid_parameter_noinfomemcpy_s
String ID:
API String ID: 2328795619-0
Opcode ID: 4bbdce99b29ecd3e24264ac9f3b66a56e11342a03ebc5466d7d382185dba5216
Instruction ID: abf4b1d47e46af4e1dda5adbe7c9e5682be3c0d6790eb8f3a85bc9bbd0f43fcc
Opcode Fuzzy Hash: 4bbdce99b29ecd3e24264ac9f3b66a56e11342a03ebc5466d7d382185dba5216
Instruction Fuzzy Hash: 5A617530228F094EE668572C545D2B9B2D1E7A77AEF25033EE456C32F7DA60985286C3

Function 000001467404F620 Relevance: 9.1, APIs: 6, Instructions: 94COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 000001467404F577

Part of subcall function 0000014674050D18: _getptd_noexit.LIBCMT ref: 0000014674050D1C

_invalid_parameter_noinfo.LIBCMT ref: 000001467404F582
_getstream.LIBCMT ref: 000001467404F5A2
_errno.LIBCMT ref: 000001467404F5B4
_errno.LIBCMT ref: 000001467404F5C6
_openfile.LIBCMT ref: 000001467404F5F4

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _errno$_getptd_noexit_getstream_invalid_parameter_noinfo_openfile
String ID:
API String ID: 1547050394-0
Opcode ID: 25a8bf288fd42ce426ab2ae56b53d18e2e8359fd32586f4ae3706e9ff750b65b
Instruction ID: 00e09a00e89a123450ad781122bcb4011149644078eaedd7eb451d8bc34bf661
Opcode Fuzzy Hash: 25a8bf288fd42ce426ab2ae56b53d18e2e8359fd32586f4ae3706e9ff750b65b
Instruction Fuzzy Hash: 4F21B070608A494FF790BB2C54097E9B6D1EBAB35EF55057AA449C32B3EF24DC808396

Function 00000146740421F4 Relevance: 9.0, APIs: 7, Instructions: 264stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

strchr.LIBCMT ref: 000001467404222E
strchr.LIBCMT ref: 000001467404224C
malloc.LIBCMT ref: 0000014674042264
malloc.LIBCMT ref: 0000014674042271
rand.LIBCMT ref: 000001467404233D
free.LIBCMT ref: 000001467404245B
free.LIBCMT ref: 0000014674042463

Part of subcall function 000001467404E244: _errno.LIBCMT ref: 000001467404E264

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: freemallocstrchr$_errnorand
String ID:
API String ID: 2126518082-0
Opcode ID: f35e4bf4a30ec4413237561f10dac7197b8990473e0b46e11b580f4fb44e5963
Instruction ID: 148b3e37b151c3fc6e20e37b8e379465cbb4eed5175d213dc9ad4ce6637d2855
Opcode Fuzzy Hash: f35e4bf4a30ec4413237561f10dac7197b8990473e0b46e11b580f4fb44e5963
Instruction Fuzzy Hash: 7081A730618E984BE7A5AB3C94053F6B3D1FFAB38EF04057DD589C71A3DA3499468782

Function 0000014674033170 Relevance: 8.9, APIs: 7, Instructions: 181COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 00000146740331BD

Part of subcall function 000001467404E284: _FF_MSGBANNER.LIBCMT ref: 000001467404E2B4
Part of subcall function 000001467404E284: _NMSG_WRITE.LIBCMT ref: 000001467404E2BE
Part of subcall function 000001467404E284: RtlAllocateHeap.NTDLL ref: 000001467404E2D9
Part of subcall function 000001467404E284: _callnewh.LIBCMT ref: 000001467404E2F2
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E2FD
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E308

malloc.LIBCMT ref: 00000146740331C8

Part of subcall function 000001467404E284: _callnewh.LIBCMT ref: 000001467404E318
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E31D

free.LIBCMT ref: 00000146740332AF
free.LIBCMT ref: 00000146740332B7
free.LIBCMT ref: 00000146740332BF
free.LIBCMT ref: 00000146740332CB
free.LIBCMT ref: 00000146740332D8

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: free$_errno$_callnewhmalloc$AllocateHeap
String ID:
API String ID: 4095668141-0
Opcode ID: a46d6df1e63736bbf5e6f8efd513222b2720334364c4a35ae3722e37f335d37b
Instruction ID: 98ab18c0a1ccc1528138272585ba77aa05dade4722a5203bc2ace5696d3c5334
Opcode Fuzzy Hash: a46d6df1e63736bbf5e6f8efd513222b2720334364c4a35ae3722e37f335d37b
Instruction Fuzzy Hash: BC517330618F095BE759EB3C9499BB977D0FB5A30EF50017DD84AC32A7EE20D85286C6

Function 000001467403BA74 Relevance: 7.9, APIs: 6, Instructions: 411COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 0000014674044FEC: malloc.LIBCMT ref: 0000014674045008

malloc.LIBCMT ref: 000001467403BB3B

Part of subcall function 000001467404E284: _FF_MSGBANNER.LIBCMT ref: 000001467404E2B4
Part of subcall function 000001467404E284: _NMSG_WRITE.LIBCMT ref: 000001467404E2BE
Part of subcall function 000001467404E284: RtlAllocateHeap.NTDLL ref: 000001467404E2D9
Part of subcall function 000001467404E284: _callnewh.LIBCMT ref: 000001467404E2F2
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E2FD
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E308

Part of subcall function 000001467404B230: malloc.LIBCMT ref: 000001467404B29C

Part of subcall function 000001467404DAA8: malloc.LIBCMT ref: 000001467404DAF8

Part of subcall function 000001467404DAA8: realloc.LIBCMT ref: 000001467404DB07

malloc.LIBCMT ref: 000001467403BC4A
_snprintf.LIBCMT ref: 000001467403BCC1
_snprintf.LIBCMT ref: 000001467403BCE7
_snprintf.LIBCMT ref: 000001467403BD0E
free.LIBCMT ref: 000001467403BEC6

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: malloc$_snprintf$_errno$AllocateHeap_callnewhfreerealloc
String ID:
API String ID: 705544021-0
Opcode ID: fd4b1ce187cf5d2c7b3c7d1d5f2f485ec143d87fcb2d796d9dd721ce5a89571b
Instruction ID: ca0dd6732345975b991ab57dca4572485307db2140d54c9f63e02e7b59b89233
Opcode Fuzzy Hash: fd4b1ce187cf5d2c7b3c7d1d5f2f485ec143d87fcb2d796d9dd721ce5a89571b
Instruction Fuzzy Hash: 6ED17D30718A044BEB58BB78885A7F972E2EBD734EF50053DA446C76E3DE38D9158683

Function 0000014674040694 Relevance: 7.7, APIs: 5, Instructions: 205COMMON

Download Yara Rule

APIs

Part of subcall function 0000014674044FEC: malloc.LIBCMT ref: 0000014674045008

Part of subcall function 000001467404F620: _errno.LIBCMT ref: 000001467404F577
Part of subcall function 000001467404F620: _invalid_parameter_noinfo.LIBCMT ref: 000001467404F582

fseek.LIBCMT ref: 0000014674040730

Part of subcall function 000001467404FEA4: _errno.LIBCMT ref: 000001467404FECC
Part of subcall function 000001467404FEA4: _invalid_parameter_noinfo.LIBCMT ref: 000001467404FED7

_ftelli64.LIBCMT ref: 0000014674040738

Part of subcall function 000001467404FF18: _errno.LIBCMT ref: 000001467404FF36
Part of subcall function 000001467404FF18: _invalid_parameter_noinfo.LIBCMT ref: 000001467404FF41

fseek.LIBCMT ref: 0000014674040748

Part of subcall function 000001467404FEA4: _fseek_nolock.LIBCMT ref: 000001467404FEF5

malloc.LIBCMT ref: 0000014674040788

Part of subcall function 000001467404E284: _FF_MSGBANNER.LIBCMT ref: 000001467404E2B4
Part of subcall function 000001467404E284: _NMSG_WRITE.LIBCMT ref: 000001467404E2BE
Part of subcall function 000001467404E284: RtlAllocateHeap.NTDLL ref: 000001467404E2D9
Part of subcall function 000001467404E284: _callnewh.LIBCMT ref: 000001467404E2F2
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E2FD
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E308

fclose.LIBCMT ref: 0000014674040845

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _errno$_invalid_parameter_noinfo$fseekmalloc$AllocateHeap_callnewh_fseek_nolock_ftelli64fclose
String ID:
API String ID: 495604859-0
Opcode ID: f1c4e02295faa99f8843714657dd5281141177bf23df19fa39898597ddf49910
Instruction ID: 8613f297b72f2944b8a933323faf61bfe6f94d047ee8a8c962cad0118282c157
Opcode Fuzzy Hash: f1c4e02295faa99f8843714657dd5281141177bf23df19fa39898597ddf49910
Instruction Fuzzy Hash: 9C51CA31618A084FE74DEB2C945A7F972D1FB9A35DF50427DE48BC32E7DE24990286C2

Function 0000014674059348 Relevance: 7.7, APIs: 5, Instructions: 201COMMON

Download Yara Rule

APIs

_mtinitlocknum.LIBCMT ref: 0000014674059375

Part of subcall function 0000014674052E58: _FF_MSGBANNER.LIBCMT ref: 0000014674052E75
Part of subcall function 0000014674052E58: _NMSG_WRITE.LIBCMT ref: 0000014674052E7F

_lock.LIBCMT ref: 0000014674059388
_lock.LIBCMT ref: 00000146740593E3
_calloc_crt.LIBCMT ref: 000001467405949A

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _lock$_calloc_crt_mtinitlocknum
String ID:
API String ID: 3962633935-0
Opcode ID: b1e94c722dda090378a8e761eed7513b06593d91ccd6790d0d4411b736f80c7c
Instruction ID: 645e83d844decc1ebeb36f612b9d2c438eb35b7afadff454111f8205ab2c0515
Opcode Fuzzy Hash: b1e94c722dda090378a8e761eed7513b06593d91ccd6790d0d4411b736f80c7c
Instruction Fuzzy Hash: 7A51E470518A088BE7689F58C889BA5F7D0FB5631DF15426DE88AC71B3D674DC82CB83

Function 00000146740344F0 Relevance: 7.7, APIs: 6, Instructions: 175COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 000001467403453A

Part of subcall function 000001467404E284: _FF_MSGBANNER.LIBCMT ref: 000001467404E2B4
Part of subcall function 000001467404E284: _NMSG_WRITE.LIBCMT ref: 000001467404E2BE
Part of subcall function 000001467404E284: RtlAllocateHeap.NTDLL ref: 000001467404E2D9
Part of subcall function 000001467404E284: _callnewh.LIBCMT ref: 000001467404E2F2
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E2FD
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E308

malloc.LIBCMT ref: 0000014674034545

Part of subcall function 000001467404E284: _callnewh.LIBCMT ref: 000001467404E318
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E31D

free.LIBCMT ref: 000001467403462C
free.LIBCMT ref: 0000014674034634
free.LIBCMT ref: 0000014674034640
free.LIBCMT ref: 000001467403464D

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: free$_errno$_callnewhmalloc$AllocateHeap
String ID:
API String ID: 4095668141-0
Opcode ID: 9dd44889f23309e2c133c4e883ac3d7c03cf28f4ebc62bcd805b5d39935d1e2d
Instruction ID: cd33ad42b27833f33fe43fd0d5bf19e30cd342c0afc0d3fc9f884a34f6d88f10
Opcode Fuzzy Hash: 9dd44889f23309e2c133c4e883ac3d7c03cf28f4ebc62bcd805b5d39935d1e2d
Instruction Fuzzy Hash: 3041A331258B0D4BE759AB3848497BA76D5E79735EF14413DD487C72A3ED20D8064BC3

Function 000001467405139C Relevance: 7.6, APIs: 5, Instructions: 149COMMONLIBRARYCODE

Download Yara Rule

APIs

_fileno.LIBCMT ref: 00000146740513B9

Part of subcall function 0000014674054A54: _errno.LIBCMT ref: 0000014674054A5D
Part of subcall function 0000014674054A54: _invalid_parameter_noinfo.LIBCMT ref: 0000014674054A68

_errno.LIBCMT ref: 00000146740513C9

Part of subcall function 0000014674050D18: _getptd_noexit.LIBCMT ref: 0000014674050D1C

_errno.LIBCMT ref: 00000146740513E5
_isatty.LIBCMT ref: 0000014674051446
_getbuf.LIBCMT ref: 0000014674051452

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _errno$_fileno_getbuf_getptd_noexit_invalid_parameter_noinfo_isatty
String ID:
API String ID: 304646821-0
Opcode ID: c35e8c2de9f02937b40d8dcb44627bb11330896f7d068decc206105344bae12a
Instruction ID: 4c5c77b213db3f25ed5f961e953e89c67ab1a83d3396ea104ccb349c32fd5403
Opcode Fuzzy Hash: c35e8c2de9f02937b40d8dcb44627bb11330896f7d068decc206105344bae12a
Instruction Fuzzy Hash: 5E519330514A088FEB98EF18C499BE9B6D1FB4631DF540669D855CF2E7D674C8C1CB82

Function 0000014674048220 Relevance: 7.6, APIs: 6, Instructions: 142COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 000001467404824F

Part of subcall function 000001467404E284: _FF_MSGBANNER.LIBCMT ref: 000001467404E2B4
Part of subcall function 000001467404E284: _NMSG_WRITE.LIBCMT ref: 000001467404E2BE
Part of subcall function 000001467404E284: RtlAllocateHeap.NTDLL ref: 000001467404E2D9
Part of subcall function 000001467404E284: _callnewh.LIBCMT ref: 000001467404E2F2
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E2FD
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E308

_snprintf.LIBCMT ref: 0000014674048267

Part of subcall function 000001467404E63C: _errno.LIBCMT ref: 000001467404E673
Part of subcall function 000001467404E63C: _invalid_parameter_noinfo.LIBCMT ref: 000001467404E67E

free.LIBCMT ref: 000001467404827E

Part of subcall function 000001467404E244: _errno.LIBCMT ref: 000001467404E264

malloc.LIBCMT ref: 00000146740482CE
_snprintf.LIBCMT ref: 00000146740482E6
free.LIBCMT ref: 000001467404830E

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _errno$_snprintffreemalloc$AllocateHeap_callnewh_invalid_parameter_noinfo
String ID:
API String ID: 3374735158-0
Opcode ID: faf2166294d0965833cb84c6e7fe882f3c5ed13ceeefabe40a4c11aee224dca5
Instruction ID: 2966b82958357f6442947044dd854a73d3cb35dd00ded0df0a8766e2b0270ba6
Opcode Fuzzy Hash: faf2166294d0965833cb84c6e7fe882f3c5ed13ceeefabe40a4c11aee224dca5
Instruction Fuzzy Hash: 0C41A33170CE480FE698AB6C64193F877D2E79B359F4456A9D08EC32A7DE249C024782

Function 000001467403EC64 Relevance: 7.6, APIs: 5, Instructions: 90fileCOMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 000001467403EC85

Part of subcall function 000001467404E284: _FF_MSGBANNER.LIBCMT ref: 000001467404E2B4
Part of subcall function 000001467404E284: _NMSG_WRITE.LIBCMT ref: 000001467404E2BE
Part of subcall function 000001467404E284: RtlAllocateHeap.NTDLL ref: 000001467404E2D9
Part of subcall function 000001467404E284: _callnewh.LIBCMT ref: 000001467404E2F2
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E2FD
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E308

free.LIBCMT ref: 000001467403ECC0
fwrite.LIBCMT ref: 000001467403ED01
fclose.LIBCMT ref: 000001467403ED09
free.LIBCMT ref: 000001467403ED16

Part of subcall function 000001467404E244: _errno.LIBCMT ref: 000001467404E264

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _errno$free$AllocateHeap_callnewhfclosefwritemalloc
String ID:
API String ID: 3186758386-0
Opcode ID: c287650ca013cd6fba82a94b2bfab312077d62521af6d54d1c0599a360ecab3d
Instruction ID: edeaa7822f61cf6a5b113cf42b5f83d3ffdb9a8340942cfc7d143d695c07c88c
Opcode Fuzzy Hash: c287650ca013cd6fba82a94b2bfab312077d62521af6d54d1c0599a360ecab3d
Instruction Fuzzy Hash: 8D214131228E084FE694F76C84597EEB6D1FB9A38DF54067DA54AC32E7DD2499018383

Function 00000146740595EC Relevance: 7.5, APIs: 5, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 00000146740595FD

Part of subcall function 0000014674050D18: _getptd_noexit.LIBCMT ref: 0000014674050D1C

__doserrno.LIBCMT ref: 00000146740595F5

Part of subcall function 0000014674050CA8: _getptd_noexit.LIBCMT ref: 0000014674050CAC

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _getptd_noexit$__doserrno_errno
String ID:
API String ID: 2964073243-0
Opcode ID: 7de39b626677fa29025c8f4af27b0a540db68e2d6824cc23474586602198323a
Instruction ID: 4f34d94811843f1d0f1a1bcde4bee4defc739c0ed9bb6eb15c0fb4d96492eb7b
Opcode Fuzzy Hash: 7de39b626677fa29025c8f4af27b0a540db68e2d6824cc23474586602198323a
Instruction Fuzzy Hash: 100181301259498EF695A774C85DBD8B6A0FF1332FFA54664A005871F7EB6854C4C723

Function 000001467403DC04 Relevance: 6.5, APIs: 5, Instructions: 254COMMONLIBRARYCODE

Download Yara Rule

APIs

_snprintf.LIBCMT ref: 000001467403DCD3
_snprintf.LIBCMT ref: 000001467403DCFE
_snprintf.LIBCMT ref: 000001467403DD1A
_snprintf.LIBCMT ref: 000001467403DDCF
_snprintf.LIBCMT ref: 000001467403DDE6

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _snprintf
String ID:
API String ID: 3512837008-0
Opcode ID: 72e4e973a1d0442b98f7febb78707b45b3081222fbe35b5ecbc6412512dc3076
Instruction ID: c151c56b65b1ad2530478e1021652cfa2bc652addee7b4435be1f2bc3139d4e9
Opcode Fuzzy Hash: 72e4e973a1d0442b98f7febb78707b45b3081222fbe35b5ecbc6412512dc3076
Instruction Fuzzy Hash: AF91A530618A484FEB55EF28D889BE977E5FBA6309F000579E446C31A3DF38D945C782

Function 000001467404DFEC Relevance: 6.3, APIs: 5, Instructions: 76COMMON

Download Yara Rule

APIs

malloc.LIBCMT ref: 000001467404E00F

Part of subcall function 000001467404E284: _FF_MSGBANNER.LIBCMT ref: 000001467404E2B4
Part of subcall function 000001467404E284: _NMSG_WRITE.LIBCMT ref: 000001467404E2BE
Part of subcall function 000001467404E284: RtlAllocateHeap.NTDLL ref: 000001467404E2D9
Part of subcall function 000001467404E284: _callnewh.LIBCMT ref: 000001467404E2F2
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E2FD
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E308

malloc.LIBCMT ref: 000001467404E01D

Part of subcall function 000001467404E284: _callnewh.LIBCMT ref: 000001467404E318
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E31D

malloc.LIBCMT ref: 000001467404E03F
_snprintf.LIBCMT ref: 000001467404E05A

Part of subcall function 000001467404E63C: _errno.LIBCMT ref: 000001467404E673
Part of subcall function 000001467404E63C: _invalid_parameter_noinfo.LIBCMT ref: 000001467404E67E

malloc.LIBCMT ref: 000001467404E075

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _errnomalloc$_callnewh$AllocateHeap_invalid_parameter_noinfo_snprintf
String ID:
API String ID: 3487649172-0
Opcode ID: b352101c7262c8bcb4a5e96376bd10b91777e0dce9561e268234f3b9efdf5141
Instruction ID: 795acff424d5637e22b838d22878f92d1e92756b9bdb2168ee11d372fd753e05
Opcode Fuzzy Hash: b352101c7262c8bcb4a5e96376bd10b91777e0dce9561e268234f3b9efdf5141
Instruction Fuzzy Hash: 0911513061CF044FE7A8EB6CA4493A576D1F79E355F1046AEE09AC32A7EA349C4147C2

Function 000001467404F62C Relevance: 6.2, APIs: 4, Instructions: 194COMMONLIBRARYCODE

Download Yara Rule

APIs

_errno.LIBCMT ref: 000001467404F664

Part of subcall function 0000014674050D18: _getptd_noexit.LIBCMT ref: 0000014674050D1C

_invalid_parameter_noinfo.LIBCMT ref: 000001467404F66F
_flush.LIBCMT ref: 000001467404F721
_fileno.LIBCMT ref: 000001467404F742

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _errno_fileno_flush_getptd_noexit_invalid_parameter_noinfo
String ID:
API String ID: 634798775-0
Opcode ID: 34e7f92ebff520e6a17a4e985317f9f17b8bd586bad3667c73d28a98cf0395a5
Instruction ID: 7d0754dd9a8e2a80b0d18901f430f710bace9d505a9c13654685e930549b03c9
Opcode Fuzzy Hash: 34e7f92ebff520e6a17a4e985317f9f17b8bd586bad3667c73d28a98cf0395a5
Instruction Fuzzy Hash: B851D930218F094FE6A86B6D544E7B571C0E76B35EF24027ED49AC31F3EA65DC528187

Function 00000146740300D0 Relevance: 6.1, APIs: 4, Instructions: 90COMMONLIBRARYCODE

Download Yara Rule

APIs

clock.LIBCMT ref: 0000014674030117
clock.LIBCMT ref: 0000014674030124
clock.LIBCMT ref: 000001467403012D
clock.LIBCMT ref: 000001467403013A

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: clock
String ID:
API String ID: 3195780754-0
Opcode ID: 88d80a52c757cc5c40c2c6d70a970e4954adb33c3b78b443ec03df4506b3ea8d
Instruction ID: d110ebde3d11554f50576eeb9416a811a4db65aaecc200c31abe7eeb541dafde
Opcode Fuzzy Hash: 88d80a52c757cc5c40c2c6d70a970e4954adb33c3b78b443ec03df4506b3ea8d
Instruction Fuzzy Hash: 8B210B3140D70D8FE768AEA85446BB6BBD0EBC6359F15423EE996C3267F9509C4282C3

Function 0000014674030CC4 Relevance: 5.4, APIs: 4, Instructions: 410COMMONLIBRARYCODE

Download Yara Rule

APIs

calloc.LIBCMT ref: 0000014674030D6A

Part of subcall function 000001467405DE08: _calloc_impl.LIBCMT ref: 000001467405DE18
Part of subcall function 000001467405DE08: _errno.LIBCMT ref: 000001467405DE2B
Part of subcall function 000001467405DE08: _errno.LIBCMT ref: 000001467405DE35

free.LIBCMT ref: 0000014674030EF3
free.LIBCMT ref: 0000014674030EFD

Part of subcall function 000001467404E244: _errno.LIBCMT ref: 000001467404E264

free.LIBCMT ref: 0000014674030F0F

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _errnofree$_calloc_implcalloc
String ID:
API String ID: 1251419800-0
Opcode ID: d93992b633c35f2e37b516dd72fb4d9a33d59668b61f8d19e3ffcf9038676577
Instruction ID: 90ccf5f3cbf74b4ed2e39cc2e130480aaf08a0b3c68612e7dd84e957c9332b27
Opcode Fuzzy Hash: d93992b633c35f2e37b516dd72fb4d9a33d59668b61f8d19e3ffcf9038676577
Instruction Fuzzy Hash: E1E12270618B488FD798DF6CD489BA9BBE1FB99309F10452EE48DC3262DB70D845CB46

Function 000001467404E860 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69COMMON

Download Yara Rule

APIs

_errno.LIBCMT ref: 000001467404E8B1

Part of subcall function 0000014674050D18: _getptd_noexit.LIBCMT ref: 0000014674050D1C

_invalid_parameter_noinfo.LIBCMT ref: 000001467404E8BC

Strings

B, xrefs: 000001467404E8E8

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: _errno_getptd_noexit_invalid_parameter_noinfo
String ID: B
API String ID: 1812809483-1255198513
Opcode ID: c02d2d703cad3fde31994e70e132d1470a84cf0b2fdde3fa0011d2dc5e3ae6ea
Instruction ID: 45e7c8a8aa0cace1b70ee27f9f419186462f2375cb0fb2db31814d9610a5468d
Opcode Fuzzy Hash: c02d2d703cad3fde31994e70e132d1470a84cf0b2fdde3fa0011d2dc5e3ae6ea
Instruction Fuzzy Hash: 4611B230618B084FD754EF1C94497A9B3D1FBA9329F6047AEA41DC32A2DB74C880C782

Function 0000014674049D44 Relevance: 5.2, APIs: 4, Instructions: 226COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 0000014674049D78

Part of subcall function 000001467404E284: _FF_MSGBANNER.LIBCMT ref: 000001467404E2B4
Part of subcall function 000001467404E284: _NMSG_WRITE.LIBCMT ref: 000001467404E2BE
Part of subcall function 000001467404E284: RtlAllocateHeap.NTDLL ref: 000001467404E2D9
Part of subcall function 000001467404E284: _callnewh.LIBCMT ref: 000001467404E2F2
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E2FD
Part of subcall function 000001467404E284: _errno.LIBCMT ref: 000001467404E308

free.LIBCMT ref: 0000014674049EBF
free.LIBCMT ref: 0000014674049F23
free.LIBCMT ref: 0000014674049F2F

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: free$_errno$AllocateHeap_callnewhmalloc
String ID:
API String ID: 106865790-0
Opcode ID: 220d10eecca3932b28677e19a5d899b4e1de467fae96e5e6bbac4d4284393be2
Instruction ID: 8868767dbdb662789a0206687ebf6c2ec115f9876f9b01d2324f28b359af89b3
Opcode Fuzzy Hash: 220d10eecca3932b28677e19a5d899b4e1de467fae96e5e6bbac4d4284393be2
Instruction Fuzzy Hash: C961B730218A094BEB58EB3C9459BFD72D1EBA738DF10097DE546C31F7DE2499428693

Function 0000014674033300 Relevance: 5.2, APIs: 4, Instructions: 179COMMONLIBRARYCODE

Download Yara Rule

APIs

malloc.LIBCMT ref: 0000014674033363

Memory Dump Source

Source File: 00000000.00000002.2888836654.0000014674030000.00000020.00001000.00020000.00000000.sdmp, Offset: 0000014674030000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_14674030000_1x6jzcZeRu.jbxd

Yara matches

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: eb22e79342f6c44f5990d3d93bc1acaf377093f70efb3d4e41a798bd81bbd69f
Instruction ID: d67757fc608807d3ef68f51a6a7bacfd8fd85a67beee4d73b2543d39e99dabc9
Opcode Fuzzy Hash: eb22e79342f6c44f5990d3d93bc1acaf377093f70efb3d4e41a798bd81bbd69f
Instruction Fuzzy Hash: F151C530618A054BEB59DF7CD4897AA77D1FB96309F04457DE84BC32A7EE30EC028682

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	Driver: Driver Load, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Windows Registry: Windows Registry Key Modification
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 1x6jzcZeRu.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: CobaltStrike

Yara Signatures

Memory Dumps

Sigma Signatures

Snort Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Compliance

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

Statistics

Windows Analysis Report
1x6jzcZeRu.exe

Function 0006C240 Relevance: 14.1, Strings: 11, Instructions: 384
COMMON

Function 00061AA0 Relevance: 8.0, Strings: 6, Instructions: 474
COMMON

Function 000001467403D68C Relevance: 7.8, APIs: 5, Instructions: 260
networkCOMMONLIBRARYCODE

Function 000001467403E014 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 103
networkCOMMONLIBRARYCODE